With cybersecurity incidents on the rise, it is essential for public entities and schools to develop an incident response plan in the event of a malicious attack.  

An incident response plan is a written document, formally approved by the senior leadership team, that helps organizations prepare for and respond to confirmed or suspected security incidents. These plans will clarify roles and responsibilities and will provide guidance on key activities.  

In the event of an attack, these plans are extremely valuable and take the guesswork out of your response. When crafted properly, cyber response plans can effectively direct resources, prevent panic, and significantly mitigate damage. At EHD, our cyber defense experts have helped countless clients establish and maintain cyber response plans.  

Typically, these plans can be broken down into three key phases: 

Before an Attack

Preparation is the most important component of an effective cyber response plan. In this stage, it’s important to provide employee training, identify preferred vendors, review insurance policies, and implement cybersecurity best practices. Conducting cyberattack simulation exercises, also referred to as tabletop exercises, is another great way for organizations to prepare with real life scenarios.  

During an Attack

When an attack is confirmed, time is of the essence. It is critical to predetermine who will serve as the incident manager. This individual will lead the response, manage communication, update stakeholders, and delegate tasks. Another important role to establish is the technology manager. This person will serve as the subject matter expert and will bring in other technical experts as needed.  

Both of these individuals should coordinate with the insurance broker, who must also be notified immediately. Your insurance broker can also identify which law firms, security firms, and other third parties are covered for use by your insurance policy. This is particularly important, as selecting the wrong vendors can result in extra costs that aren’t covered by your policy. 

After an Attack

Cyberattacks can provide key insights and information to help prevent future incidents. It’s important for organizations to hold formal retrospective meetings to evaluate the incident, the causes, and areas for improvement. Based on these findings, leadership must set a schedule to promptly update policies and procedures.  

Coordination is Key

At EHD, we can help set your incident response plan to prepare your organization for a cyberattack. As your broker, we can provide important information to ensure your plan aligns with your insurance policy. In the event of an attack, it is important to fully utilize the resources available under your plan and follow all guidelines to maximize your claim.  

Reach out to us today to get started.