We have thousands of interactions a day on the internet.  Lurking in the corners of emails, ads on websites and even buttons in PDFs, there can be embedded code and links that will stop your business in its tracks.  The creators of this content know how to give you a sense of anxiety, entice you and make clicking them irresistible.

The moments after you find out your users have been compromised are overwhelming.  What do you do?  Be prepared by setting up a Security Incident Response Plan.  The plan does not have to be elaborate, but it should start by naming an Incident Response Team so that your employees know whom to notify when there is a suspected incident.  The plan should cover the following areas:


Detection – Discovery of the event using security tools or reporting from inside or outside of the organization.  The detection is what mobilizes your response team.

Containment – Once an incident has occurred, the response team will move to isolate the infected systems to prevent further damage.

Investigation – Determine the scope and root cause of the incident.  Notification, including regulatory compliance notifications (HIPAA, GLBA, etc.), should take place at this point.

Remediation – Repair the affected systems.

Redress – At the end of any incident, it is important to review “lessons learned” so that you can improve your response in the future.

Having the plan is a great first step, but don’t stop there.  Educate your staff about incident response.  Full employee cooperation will reduce the length of disruptions and can limit the chances of a significant security breach.