When it comes to a breach, be prepared.
Your security incident response plan concerns itself with day-to-day security issues. That’s not to say that day-to-day issues such as malware infections and distributed denial-of-service attacks are unimportant. A cybersecurity crisis management plan looks at security from another angle. It’s concerned with what you need to do to protect and defend the reputation of the organisation, its products, and its services against, and in the event of, a crisis.
You know what those crises might be, because they were keeping you up at night long before the sun rose on 2017. We’re talking about haemorrhaging credit card numbers, bank details, or personal health information.
So what steps should you take to supplement your incident response plan with crisis management preparation?
1. Involve top leaders
It’s the CEO and the rest of the C-suite who’ll be in the spotlight if there’s a crisis. They need to know the plan and be trained for it well in advance.
- What exactly is their job in a crisis?
- What exactly is the right amount of information to be giving out (and when)?
- Where will they get that information?
2. Make the plan formal
Nothing beats writing for clarity, especially when it’s there to refer to in the fire of a crisis.
What to include:
- Who gets the call. You’ll need people from legal, privacy, communications, and compliance in the war room.
- Specific roles for each of those people.
- A threat matrix documenting threat levels and response protocols.
- A communications matrix—who do you need to communicate with (customers, regulators, partners, media, etc.) and what do you need to tell them?
- Templates—the heat of the moment is not the time to be drafting emails and statements from scratch (especially if it’s going to involve back and forth between communications, legal, and the C-suite).
When your house is on fire, you don’t want to find out the local fire department has never actually seen a fire before.
If you’ve got the budget, get a specialist to help you put together a simulated crisis. Make it as real as possible. Even if you don’t have the budget for a full simulation, it’s worth running a table-top exercise with everyone named in your plan.
Get your suppliers in place now
You’ll likely need swift investigation and mitigation of a detected breach. Don’t wait until then to walk through the Yellow Pages when you could do it now. Get your information security, compliance and legal departments to vet and agree on potential security vendors while you have the luxury of time.
Think “when,” not “if”
It’s going to happen to you, so don’t put off formalising a cybersecurity crisis management plan. Make it a 2017 priority.