When that day comes (and if it hasn’t already, it will), when your business is hit by a major data-security incident, what plans do you have in place to mitigate the effect? An incident can of course be related to a virus, malware, hack or other threat, but many incidents occur as a result of something far more innocuous like poor user security management, accidental deletion, machine failure or natural disaster.
Many business owners and managers don’t even realise that they are required by law to have a plan for dealing with such incidents, but either way it is a critical necessity in these times of ever more complex systems and distributed attack surfaces. Knowing how to deal with an incident properly can be the difference between continuing to function as normal and going bust, or at least having substantial fines levied against the organisation.
But incident response isn’t a back-of-a-cigarette-box undertaking. Good management involves more scrupulous planning than many are willing to invest in it, not least because it is often wrongly assumed that it will be an occurrence too rare to be of concern. But meanwhile, data breaches are occurring all the time in various forms, and usually take everyone by surprise, leading to severe reputational damage.
Some things to consider in the event of an incident are:
- What is the quickest route to mitigate the incident?
- Who is affected by it?
- How should it be reported?
- Are you in breach of laws and regulations like PCI DSS and GDPR?
- How will you meet your legal obligation to learn from the event?
- How will you know whether strategies are working?
Unity Metrix can help in two ways:
- Through building an incident response scheme with you, so that you can internalise systems and controls that enable you to perform speedy and efficient incident response when the time comes.
- By offering a managed incident response service, where we perform the same rigorous analysis and planning, but also update, test and manage the system on your behalf, leaving you to concentrate on the business.