Intelligent Data Centres Issue 78 | Page 48

TECH TALK
to all relevant personnel. It must outline how incidents will be detected, reported, assessed, contained and resolved. The plan must also be updated regularly to account for technology and staff changes, and to align with any changes regarding the focus of the business.
2. Keep a physical copy of the plan
In the event of a cyberattack, especially ransomware, or a digital outage, systems and networks can quickly become unavailable. This means having a physical copy of the incident response plan is vital. It is also important to ensure the document can be accessed by key incident response stakeholders, who know how to locate the hard copy.
3. Agree roles and responsibilities
During a crisis, confusion over who is responsible for what can delay response and amplify damage. Assign specific roles well in advance to ensure everyone understands their responsibilities.
4. Establish communication methods in advance
Communication systems may be compromised during a major incident. Define alternative communication channels (e.g., secure messaging apps, satellite phones, out-of-band email systems) and establish protocols for activating them. This ensures coordinated action, even under duress.
5. Rehearse the plan regularly
Having a plan written down in theory is not enough to ensure it works in practice. Tabletop exercises and simulated attacks allow organisations to test their incident response plan under realistic conditions. These rehearsals uncover gaps, clarify procedures and help the incident response team rehearse their roles and build confidence.
6. Know which systems must be restored first
Restoring all systems at once is often impractical. Identify and prioritise critical systems in advance. Is email the first to be restored, or employee network access, or operational technology, or platforms which facilitate customer access? These are questions which must be considered and, where possible, answered in advance of incidents.
7. Define communications statements
When a breach occurs, time is of the essence in informing stakeholders, customers and potentially the public. Having pre-drafted holding statements,