This Pops Up On Your Computer Screen.  What Do You Do Next?

As the world of cybersecurity continues to evolve, it is no longer an option to not have a plan in place to deal with a crisis situation.   For many companies, one isolated incident (similar to above) can be catastrophic.  As the government continues to increase regulations (Safeguards Rule) that protect the confidentiality and security of client information, we forsee a future where having cybersecurity measures becomes an essential part of doing business.
Take Small Steps Now – 2023 Resolutions!
Planning now will help better prepare for the future.  Where to begin?  We suggest taking steps to create an Incident Response Plan.  NIST identifies four steps as part of their Incident Response Framework:  Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Incident Activity.
Let the BMT team provide some direction with our Assessment Plan. 

Step #1 – Preparation
Preparation is the most crucial phase in the incident response plan, as it determines how well an organization will be able to respond in the event of an attack. It requires several key elements to have been implemented to enable the organization to handle an incident:
  1. Policy: Provides a written set of principles, rules, or practices within an organization and is a crucial action that offers guidance as to whether an incident has occurred.
  2. Response plan/strategy: The response plan needs to include the prioritization of incidents based on organizational impact, from minor incidents like a single workstation failing to a medium risk like a server going down, and high-risk issues like data being stolen from a department.
  3. Communication: Having a communication plan is vital to ensuring the entire response team knows who to contact, when, and why.
  4. Documentation: A vital step in an incident response plan.  Documenting the incident assists the organization in providing evidence in the event the incident is considered a criminal act. It also facilitates learning lessons for the future. Everything the response team does must be documented and be able to answer any potential who, what, when, where, and why questions.
  5. Response Team: The team needs to be comprised of people from different disciplines and departments across the organization, not just technical or security teams.
  6. Access control: The response team also needs to have the appropriate permissions to perform their roles. For example, having permission to access networks and systems to mitigate problems and having that permission removed when it is no longer needed.
  7. Tools: Software and hardware are crucial to helping the the response team investigate an incident. This can range from anti-malware programs and laptops to screwdrivers.
  8. Training: Training is crucial to ensuring a team is prepared to tackle a security incident. It is recommended to have regular drills so all team members know their duties as and when an incident occurs.

Need help getting started? We Can Help!  BMT has the tools and expertise to help you put together an executable plan – our Safeguards Compliance Assessment will make sure you have what is needed to protect personal and client information.