Being ready and able to effectively respond to a cyber incident is vital in terms of minimizing the resulting damages, but do you know what to do or where to look for assistance?
An effective response means having a plan before a cyber incident occurs. To help with your incident response planning efforts, the U.S. Department of Justice (“DOJ”) recently released a revised version of its “Best Practices for Victim Response and Reporting of Cyber Incidents” (Guidance). The DOJ’s Guidance was based on the real-life lessons learned by federal officials with input from private companies who managed cyber incidents.
The Guidance consists of four sections:
- Steps to Take Before a Cyber Intrusion or Attack Occurs
- Responding to a Cyber Incident: Executing Your Incident Response Plan
- What Not to Do Following a Cyber Incident
- What to Do After a Cyber Incident Appears to be Resolved
The Guidance includes added incident response considerations, including ransomware, cloud computing, and working with cyber incident response firms. While it was intended mostly for smaller organizations, the beneficial advice and recommendations can be applied to entities of all sizes.
A Key Priority
A critical first step in incident readiness is getting leadership buy-in. Senior management and other governing bodies need to understand how cyber threats can disrupt an organization, compromise its business model, destroy its reputation, damage customer confidence levels, and cause other types of harm. Getting leadership buy-in early on will enable key individuals to make proper resource decisions and set priorities.
The updated Guidance is part of the DOJ’s campaign to engage with the private sector on cybersecurity issues. While the Guidance does not have regulatory effect, it is a useful tool for organizations seeking to align their policies with today’s cyber best practices. Review these best practices and improve your cyber incident readiness today!