Mobilize Your A-Team: Prepare for the Worst by Assembling Your Best Incident Management Pros

Cyberattacks and natural disasters can paralyze enterprises, costing time, money and customers. They can even spell the demise of many unlucky businesses. In these situations, preparation is the key keeping systems and operations — not to mention client data — safe and restorable, speeding recovery and minimizing revenue loss. With nearly 80 percent of U.S. companies reporting hacks and recent natural disasters affecting data operations from coast to coast, the importance of advance incident preparation has never been more evident. Smart companies start this process by putting a team of information technology (IT) professionals in place to plan for worst-case scenarios. Consider the following when assembling your crisis management A-team.

Pick Your Position Players before You Take the Field

No single individual can see all the angles or possible outcomes of a crisis. Even the smartest incident management expert might not be able to envision every threat to your company.  An effective incident management team draws from a broad range of experience and perspectives when handling a situation, whether it is a data breach or a flooded server center. The same holds true in planning for future events.

The critical phase of creating an incident management plan is establishing the roles and responsibilities for each member of your team. Imagine, for example, an incident in which malware has compromised your company’s network and is now tracking the login credentials of your users, exposing customers’ personal data. The server needs to be hardened and ports closed as quickly as possible. Now is not the time to discover the strengths and weakness of each team member and begin assigning tasks.

Smart managers know their team inside and out, and they have assigned key responsibilities before disaster strikes. One approach is to game out a range of incident scenarios in advance with tabletop exercises. Not only will hypothetical incidents reveal which individuals are best suited to their roles, they will provide an invaluable tool for the creation of broader crisis management and cybersecurity policies and procedures.

Crisis Requires Leadership

Every team needs a leader, and selecting who that individual will be is just as critical as assigning the roles and responsibilities of individual crisis team members. By not appointing an incident management leader well in advance of any issues, you are exposing your team and company to potential chaos.

Ideal leaders should not just capable of overseeing tasks directly associated with the crisis at hand. They must also possess the experience and foresight to anticipate issues beyond the immediate horizon. Just imagine that you avoided extortion in a ransomware attack only pay to out steep fines because your team did not properly report an incident and it is easy to understand the need for a big-picture perspective.

Competent crisis leaders also understand their reporting and compliance responsibilities with regard to regulatory requirements under a variety of federal guidelines, including the Health Insurance Portability and Accountability Act (HIPAA), Graham-Leach-Bliley Act (GLBA), Financial Industry Regulatory Authority (FINRA), among others. They also know what administrative actions are required, such as notifying the Department of Health and Human Services (DHHS) in the event of a data breach of over 50 Health records.

Once your incident management team is in place, it will play its own leadership role with your employees before, during and after a crisis. Team members will guide staff through both through preparation, help educate fellow employees on policies and procedures, and provide critical direction in the midst of a crisis. An established leadership ladder extending from general staff to department heads to crisis team members to incident managers ensures an efficient and effective response to any IT emergency.

Reputation Counts

When trusted to handle customer’s sensitive data, reputation may be your company’s most valuable commodity. The story of consumer credit reporting company Equifax illustrates the impact poor incident management can have on a company’s brand. In 2017, the company’s name became synonymous with lax security procedures and poor incident management when hackers accessed the financial records of millions of customers and the company was slow to reveal the breach to government agencies and their customers.

Equifax could have likely avoided its fate by putting a comprehensive crisis plan in place, backed by the expertise of an experienced, well-organized team drilled in these kinds of incidents. Now, the company is spending millions of dollars to restore customers’ faith that it will protect their private financial information — a level of confidence that may never be achievable.

Companies build their reputations on how they handle crises, not by creating the false belief that they are immune to incidents. An effective plan begins with the assumption that disaster can strike at any time, in any place, and that preparing accordingly will minimize damage when the worst does occur. Planning flows from the top down with leaders prepping their incident management teams through drills that respond to a myriad of possible incidents. Similarly, team members can educate staff on best practices to prevent incidents and response procedures for when crises do occur.

Cybercriminals are Getting More Sophisticated

FBI special agent M.K. Palmore recently addressed a gathering of corporate leaders at the Cybersecure LA conference in southern California. Palmore, who heads the bureau’s Cyber Security Branch in San Francisco, told attendees that the majority of his caseload stems from phishing attacks. The success of this category of attack despite efforts to educate the public illustrates that phishing continues to become more sophisticated, often fooling management and even CEOs. This evolution extends to all forms of cyber-attack as criminals work to stay one step ahead of new security technologies.  It’s a game of catch-up that places victims at an extreme disadvantage, making reaction planning all the more important.

Preparation ensures that your incident management team is ready at all phases of an incident to act quickly, limiting potential damage while efficiently restoring operations. Every moment your company is offline responding to a crisis, it bleeds money and customers it may never get back. Smart companies establish a return time objective (RTO), which outlines their recovery goals for a range of incidents, from natural disasters to data breaches. Setting crisis objectives for your incident management team not only provides your roadmap to recovery, it offers degree of reassurance to calm customers, investors and staff during a crisis.

Mother Nature is not Your Friend

We sometimes forget that the biggest threats to data and system integrity is not always from nefarious human actors. The frequency of extreme climate-related events continues to increase, from hurricanes in the Southeast to wildfires in the western U.S., and tornados and floods in the heartland. Add to this the very real possibility of major earthquakes along the west coast and it becomes essential for every company to prepare a contingency for natural disaster.

Your incident management team should have a program in place to continually back up all your data, preferably offsite or in the cloud. Backup alone, however, is not enough. Many companies have turned to their backups after an incident, only to find they are either incomplete or unrestorable because of an unforeseen technical error.  At the very least, test your backups quarterly to verify they are complete and operable. Your customers, employees and executives will thank you for your foresight.

Incident Management Requires Preparation

Once you have appointed an incident management team, you need to make sure they have all the tools necessary for preparation. This will likely include admin access to your file system to set up a backup or storage system. They will also require the resources for training the rest of your team to ensure that no major assets are lost.

Having a thorough and transparent view of your company’s network systems in advance improves your ability to investigate and respond to a cyber incident. In this way, your team will be better prepared to focus on priorities, assign resources and maintain business continuity.

Want to ensure you have all necessary incident management policies and procedures in place? Valeo Networks offers companies a free Network Assessment (a $250 Value), which includes a Data Security Analysis. Contact Valeo Networks anytime at 800-584-6844 or via sales@saalexIT.com.