Small and Medium Organizations: Develop an incident response plan
According to Statistics Canada’s 2018 survey of Canadian enterprises, almost 20% of small enterprises and 30% of medium enterprises experienced a cyber incident in 2017. The survey found that 87% of respondents did not have a written policy to manage or report cyber security incidents. The results of the survey demonstrate that small and medium organizations need to be diligent and develop an incident response plan.
What is an incident response plan?
The Cyber Centre defines a cyber incident as any unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource. Some examples of cyber incidents are phishing, ransomware, and Distributed Denial-of-Service (DDOS) attacks.
An incident response plan ensures that your organization is prepared to detect, respond to, and recover from a cyber incident. The goal is to recover as quickly as possible. An effective plan limits disruptions to internal services, clients, and partners, and reduces data loss and reputational damage.
A written incident response plan ensures that responders are ready to carry out the necessary tasks to deal with an incident. It should:
- Specify the roles and responsibilities of those involved in the response
- Provide contact information for everyone involved in response activities
- Provide detailed instructions on handling common incidents
- Specify actions required for mandatory incident reporting
Due to a lack of monitoring, many cyber incidents go undetected for a long time, resulting in more complicated and costly recoveries. Your organization should consider implementing a solution for detecting, monitoring, and responding to incidents. For example, solutions may include security information and event management (SIEM) systems.
In addition to liability coverage, your organization should also consider purchasing a cyber security insurance policy that covers incident response and recovery activities.
Recommendations for your organization:
- Develop a written incident response plan with detailed responsibilities
- Consider purchasing a cyber security insurance policy, which includes coverage for incident response and recovery activities, as well as liability coverage.