TechGuard Blog

Why You Need an Incident Response Plan

Imagine you are a big hotel chain getting ready to close a large acquisition. You're growing at a rapid pace, and everyone knows your name. Your brand reputation lends itself to professionalism and the trust to deliver a well-designed, modern, clean hotel experience with many desirable amenities. Your hotel is somewhere clients feel safe to bring family and they trust that your business transactions are secure. The next thing you know, the large chain that you recently acquired had a problem with security and now you are wondering how to handle a very large breach that occurred.

Do you happen to remember Marriot's Mega-Breach? Physical addresses, birthdates, and passports numbers were exposed for up to 327 million people. Some of the information exposed included credit card information. Back in 2016, Marriot purchased Starwood Hotel & Resorts. In 2015, Starwood disclosed that they had an issue with malware but Marriot continued with the acquisition. This story brings to light the importance of recognizing what might be at risk during mergers and acquisitions. Clearly, Marriot's purchase included a breach and serious cybersecurity concerns. These attacks can result in business closure, cost millions of dollars, and/or destroy your company's reputation. 

What is an Incident Response Plan?

An Incident Response Plan is an organized approach with step-by-step guidelines for handling a security incident or breach. The goal is to incur the least impact for the regular course of business to the company and to have a fast reaction time when something happens in order to minimize the damage.

Why is it critical for your business?

The fact is, breaches and security incidents are taking place every day. Attackers are becoming more advanced. You'll need to be prepared to act quickly if such an event occurs. You have worked hard to protect your reputation and to build a successful business. Many businesses do not survive these incidents due to a lack of preparation.

Most recently, we've heard companies say they feel cyber resilient, but when the plans are looked at in closer detail, they don't seem to be up to par and claim they don't have a formal and consistent incident response plan for their business. But, how do you go about implementing such a plan?  Fortunately, you don't need to hire a full-time incident response employee to protect your business, you can meet with our Incident Response experts at TechGuard to create your incident response plan and be prepared.

Testing the IR Plan

It's equally important to ensure your Incident Response Plan includes various realistic scenarios. Different types of attacks require different types of responses. Consider if your plan includes third parties. Once plans are developed it's critical to test the plans. Practice tabletop exercises to understand various team members' roles in the response process. These exercises are a great chance to practice the "what if" scenario. One example of a "what if" situation is to respond as if a company laptop storing private information is lost. Ideally, the team members will discuss the scenario and talk through the exercise. The exercise could take anywhere from a few hours to an entire day to execute.

How can TechGuard help?

We will work with you to develop a comprehensive and well-communicated Incident Response Plan that is customized to your individual business needs. We will help you minimize risks, protect your data and maintain organizational control of sensitive information. Your assigned TechGuard Cybersecurity Expert will ensure your Incident Response Plan contains all the necessary elements and will develop and conduct a realistic security incident table-top scenario to exercise the documented plan.

At TechGuard Security we approach incident response planning by applying the Center for Internet Security (CIS) eight-step framework that addresses every aspect of an Incident Response Plan. This approach allows us to utilize an adaptable framework from which we can develop a customized Incident Response Plan to meet your unique needs. The Incident Response Plan will be presented via a collaborative session enabling all stakeholders to understand their responsibilities in executing the Incident Response Plan as well as giving the opportunity to provide feedback.

Written by Allie Prange