Both companies and individuals should have an IT Security Incident Response Plan. In a corporate environment, employees, vendors, and contractors need to know how to quickly report an incident to the people who can respond to and address the situation.
What is considered an “incident”?
An incident can be an occurrence, condition, or situation arising in the course of work that resulted in or could have resulted in:
- Loss of data, compromise of account information, exchange of PII information, unauthorized network access,
- Phishing scam, email spoofing, or social engineering attempt to collect information.
It is essential to understand that reporting an incident, even if you did not fall for it, makes the IT Department aware of the technique cybercriminals are using so it can alert others. This increases awareness throughout the company and educates staff who might not be as aware of cyber threats.
With cybercrime continuously rising to record numbers, we cannot assume we are safe; we must keep communicating with and educating everyone in the organization about the dangers and the fact that we are all targets. Sometimes, the savviest technical users are tricked with basic techniques because it becomes almost normal behavior.
The facts are scary. With over 70% of companies in the education, research and medical industries and over 50% of IT firms being directly affected by cybercrimes, we must stay diligent; we need to keep our employees aware of current and possible threats to our organization’s systems and information.
How to build an effective and proactive IT Security Incident Response Plan
Building an effective IT Security Incident Response Plan involves a proactive approach. Intrada recommends the following:
- Identify and appoint staff to a Center Security Team (CST). This will be the single team that is made aware of, and responds to, all incidents and situations.
- You must communicate all incidents and situations immediately to the CST. It is then the responsibility of the team to put additional security protocols in place to prevent the problem from recurring, monitor networks for related activity, and notify internal staff or send out client-wide notices with specific information.
- Engage in the response phase. Intrada breaks down the response phase into four sub-categories: detection, analysis, recovery and post-incident. The response phase includes when the incident was first observed. The response phase time is based on the priority of the incident.
  - Response Phase 1: Detection (when and where the incident was first observed)
  - Response Phase 2: Analysis (determining the type of threat: accidental, internal, or intentional; and the impact: from no effect to high impact)
  - Response Phase 3: Recovery (bringing affected systems back online and restoration or recovery efforts)
  - Response Phase 4: Post-incident (within two weeks of the incident, the CST should discuss lessons learned)
The simple rule of incident notification is to contact the CST whenever staff experience or observe any unauthorized activity that attempted or succeeded in accessing any information. The CST will then review the incident and handle the next steps in the process.
To report an incident, contact the Intrada Help Desk using the online Help Desk System or by calling 800-858-5745. The help desk team will route any incidents to the Intrada CST for review and follow-up.