It’s a rainy Friday afternoon, and you open an email with an attachment containing the latest employee salary schedule. It’s from your boss — or so you thought! Within minutes, you realize there’s a big problem because you can no longer access your computer and a message on your computer screen says that your files have been locked and you will have to pay to gain access to them again. A feeling of dread spreads over your body, and your stress level has gone from zero to 10. But maybe if you were fortunate enough to know that this could happen to anyone, and know that your government planned for such an event – maybe you might feel a little less panicked in that moment.
So let’s talk about this plan, because if you don’t have one, we strongly urge you to get started. To begin, you’ll want to consider and appoint someone who would be in charge of managing an incident. If you lack internal expertise, you might want to ensure you have vetted a potential contractor before needing one. Additional considerations include (in no specific order of priority):
- Have you developed and adopted a written incident response plan?
- Do you have the resources and staff knowledge to respond to the incident? How about to recover data, if that’s needed? If you don’t, what is your plan?
- Do you have legal counsel that can help you with the compliance aspects of an incident? Do they know what they need to do if such an incident occurs?
- Do you know whom to contact at various law enforcement agencies?
- Do you have insurance coverage? Have you read your policy? And how will you communicate with your insurance carrier or risk pool? What kind of documentation will they need for you to submit a claim? Do you know what types of costs would be covered, and do you have a plan for how you might keep track of those costs?
- Do you have a plan for how you would communicate such an incident with your employees or the public, if they are affected?
- If recovery efforts will need to be undertaken, do you have a plan for how this might be done? Have you verified you have backups of all important information? Do you know what systems you would restore first?
- Do you have sufficient cash reserves to finance responding to and recovering from an incident? If you do not, how would you obtain financing?
These are just some of the things you would need to consider to be prepared. We don’t want to overwhelm you with all the things you should consider, but we also want to help you get started.
- Multi-State Information Sharing & Analysis Center (MS-ISAC) assistance: www.cisecurity.org/isac/report-an-incident/
- Center for Internet Security (CIS) Controls best practices: www.cisecurity.org/controls/incident-response-and-management/
- Law enforcement cyber incident reporting: www.fbi.gov/file-repository/law-enforcement-cyber-incident-reporting.pdf/view
- To report an incident to the FBI: www.ic3.gov/complaint/default.aspx/
- Washington data breach laws: apps.leg.wa.gov/RCW/default.aspx?cite=42.56.590