graphic of lock dissolving into zeros and ones.

How to create an Incident Response Plan for your business.

Time is critical in reporting a security breach. Is your business prepared?

In the case of a security breach, a speedy response time is critical to protecting data. Take two important examples of security incidents: the Target hack, and Google’s recent phishing scam. In the first, Target’s failure to notice and respond to the security breach resulted in much more serious incident and loss of trust than what they would have faced, had they responded to the situation with urgency.

The Google phishing scam, while not a security breach, did have the potential to compromise the accounts of millions of Google users. Google takes their security very seriously, so even though they didn’t know what form an attack might take, they prepared an action plan to be ready for whatever action might come their way. The plan paid off.

According to a statement from Google:

“We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour.”

This quick action, the result of prior planning helped shut down an incredible damaging scam before it could go too far. Google estimates the scam affected less than 0.1% of users. A slower response to this threat might have undermined users’ confidence in Google. But Google’s efficiency in resolving the problem has instead bolstered the confidence of many.

What do you need to do to create an Incident Response Plan according to NIST 800-171 guidelines?

For businesses handling contracts for the federal government, having an Incident Response Plan in place is one of the chief requirements of NIST 800-171. The new guidelines have three main criteria for creating an Incident Response Plan. It must:

  • Establish an operational incident-handling capability for organizational systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
  • Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization.
  • Test the organizational incident response capability.

These steps may seem straightforward enough, but implementing them is another matter. If your organization needs assistance creating, tracking, and testing an Incident Response Plan, we can help. Contact us for a free network security audit, and we can help you build a plan to move forward.