May 2020 Update: For the latest guidance on incident response for SMBs, check out our Elite SMB Incident Response Guide.
Having a defined plan in place for responding to an incident is a crucial part of your security program. The document that you create should be simple enough that the procedures can be followed quickly, yet detailed enough that the response to an incident is effective in minimizing damage to the company.
This document should be separate from, but should also enhance, your general IT security guidelines. Here are some simple tips for putting together and implementing your incident response plan:
- Keep it clear and concise. Prior to its use, give it to a colleague outside the security field and see if they are able to understand or at least follow the instructions.
- Don't focus on finding the source of the attack at this time. Focus your efforts on your response to reduce the impact to your company and deter further breaches. Once your environment is secure, an investigation can take place into what caused the incident. Implement a further document detailing how to investigate the source of the breach.
- The incident response plan should not be your only line of defense in dealing with an attack. Integrating detection and threat-hunting capabilities into your cybersecurity program can mean attacks are detected before you even need to employ the incident response plan.
- Ensure your team is on board, and not just your direct department. Everyone involved needs to understand and buy in to the plan's importance to ensure its effective execution in the event of an incident.
- Test, monitor and review. The plan is always a work-in-progress document and should be reviewed regularly in line with industry changes and changes to the business, such as the addition of new vendors or mergers with other companies.
So, What Do We Do?
The ActZero Managed Detection and Response (MDR) Platform collects data from all your systems and can correlate threat intelligence to help you find and respond to threats you may have missed. Use our collection of feeds as part of the service in your Anti-Virus or Firewalls today.
Download a sample of our Prevention Posture Assessment (PPA) report and find out how you can use it to determine if you have been breached or can be breached by malware.