All companies should be ready to react to a cyber incident. A cyber attack will cause panic and confusion for a business. Having a cyber response plan in place is critical so a company can recover quickly with minimal damage.
In September 2018, the Cybersecurity Unit at the U.S. Department of Justice issued an updated report on the Best Practices for developing a cyber response plan. The report considers new developments in cyber incident planning and response, including ransomware recovery, cloud computing, and information sharing. Also, the report includes lessons learned from federal investigations and provides feedback from private companies that have responded to cyber attacks.
Key Areas Of Cyber Readiness
The 25-page report breaks down how a company should prepare to efficiently manage a cyber incident. Below is a summary of key areas that a business should consider:
- Educate Management: Announce regular updates about new cyber threats. Prepare appropriate reactions that fit the company’s risk management strategies.
- Identify Important Assets: Create a Risk Assessment to prioritize which resources are most important for keeping the company operational. Classify data so the sensitivity of the breach is instantly known. Make sure the company’s cyber insurance policy covers the types of breaches that are most likely to occur.
- Create An Actionable Plan: Designate who will identify and contain an incident to mitigate the harm, preserve vital information, and assess the scope of the incident.
- Establish Agency Relationships: Form relationships with local law enforcement and federal agencies, such as the InfraGard chapters and Cyber Task Forces of the Federal Bureau of Investigation (FBI), and the nationwide network of Electronic Crimes Task Forces of the Secret Service.
- Utilize Workplace Policies: Create procedures for current employees to follow when a breach occurs. Implement employee policies that prevent cyber intrusions, such as an Acceptable Use Policy when onboarding and an Exit Checklist when offboarding.
- Institute Cyber Procedures: Install appropriate technical controls, such as network monitoring and daily backups. Have a list of third-party experts to contact for help to restore systems and obtain cyber forensics.
- Get Legal Advice: Consult with a data privacy attorney about state data breach laws to understand the legal requirements of breach reporting. Ask an attorney to assist with evaluating federal laws, such as the Cybersecurity Information Sharing Act of 2015 (CISA).
Checklist For Preparedness
The report contains a detailed Cyber Incident Preparedness Checklist to get a company started with the response planning process. This checklist provides the core of a company’s Incident Response Plan (IRP). Additionally, the checklist breaks down the items to consider before, during, and after a cyber incident.