Business Cyber Planning Guide

All companies should be ready to react to a cyber incident. A cyber attack will cause panic and confusion for a business. Having a cyber response plan in place is critical so a company can experience a fast recovery with minimal damages.

In September 2018, the Cybersecurity Unit at the U.S. Department of Justice issued an updated report on the Best Practices for developing a cyber response plan. The report considers new development in cyber incident planning and response, including ransomware recovery, cloud computing, and information sharing. Also, the report includes lessons learned from federal investigations and provides feedback from private companies that have responded to cyber attacks.

Key Areas Of Cyber Readiness

The 25-page report breaks down how a company should prepare to efficiently manage a cyber incident. Below is a summary of key areas that a business should consider:

  • Educate Management: Announce regular updates about new cyber threats. Prepare appropriate reactions that fit the company’s risk management strategies.
  • Identify Important Assets: Create a Risk Assessment to prioritize which resources are most important for keeping the company operational. Classify data so the sensitivity of the breach is instantly known. Make sure the company’s cyber insurance policy covers the types of breaches that are most likely to occur.
  • Create An Actionable Plan: Designate who will identify and contain an incident to mitigate the harm, preserve vital information, and assess the scope of the incident.
  • Establish Agency Relationships: Form relationships with local law enforcement and federal agencies, such as the InfraGard chapters and the Cyber Task Forces of the Federal Bureau of Investigation (FBI) and the nationwide network of Electronic Crimes Task Forces of the Secret Service.
  • Utilize Workplace Policies: Create procedures for current employees to follow when a breach occurs. Implement employee policies that prevent cyber intrusions, such as an Acceptable Use Policy when onboarding and an Exit Checklist when offboarding.
  • Institute Cyber Procedures: Install appropriate technical controls, such as network monitoring and daily backups. Have a list of third-party experts to contact for help to restore systems and obtain cyber forensics.
  • Get Legal Advice: Consult with a data privacy attorney about state data breach laws to understand the legal requirements of breach reporting. Ask an attorney to assist with evaluating federal laws, such as the Cybersecurity Information Sharing Act of 2015 (CISA).

Checklist For Preparedness

The report contains a detailed Cyber Incident Preparedness Checklist to get a company started with the response planning process. This checklist provides the core of a company’s Incident Response Plan (IRP). Additionally, the checklist breaks down the items to consider before, during, and after a cyber incident.

Share this article!

Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.