Well, it doesn’t, it can happen at any time but let’s take the Friday afternoon example.

Imagine…

Friday afternoon. Work slowing down, anticipation of a relaxing weekend ahead. In fact, you have tickets booked to see your favourite show.

Come on 5 o’clock, well maybe 4 o’clock, it is a Friday after all.

But then…

WHAT!!??!!

Um…

What do I do now?

Pull out the incident response plan.

What’s that? You haven’t got one? Oh.

What’s an incident response plan?

A procedure to follow in the event of a cyber incident so everyone knows what to do and who is responsible for doing what. Having a plan in place can help respond to incidents effectively and enable a calmer response.

What’s a cyber incident?

The National Cyber Security Centre (NCSC) defines a cyber incident as:

• A breach of a computer system’s security policy to affect its integrity or availability.
• The unauthorised access or attempted access to a computer system.

So, in layman’s terms, a cyber criminals is trying or has succeeded in breaching your systems and stealing or encrypting or infecting your data.

Do I really need one?

Yes.

If your computer systems went down, how would you contact your staff?

Would you pay a ransom if you were infected with ransomware?

What contact number do you need for your IT; is the number you need on the system that you can’t access?

Creating an incident plan is a little like have a fire escape route and assembly point planned out. It makes you consider the actions that you will take in the event the worst happens, and by having an answer to the questions already, means you have one less thing to worry about when potentially you have a serious incident on your hands.

How do you start creating a plan, it seems like a lot of work!

As a starting point we have created a template for you to start building your plan from. You can download it here.

The template contains flowcharts and checklists as well as posters so that your team can see what actions they need to take should they be the first aware of a problem.

What else should you do?

Like running fire alarm drills, you should also practice your incident response plan and make sure that it is as good as possible before you need it. You want to be able to sleep through a storm and not worry that your roof is going to be blown off.

We can help you to do this by running business continuity exercises. We use elements of the international business continuity management systems standard ‘ISO/IEC 22301:2019’ as a model to review your continuity planning and includes aspects such as internal and external (customer and public) communications, recovery objectives (tolerable downtime, tolerable service loss), disaster recovery and recovery testing and exercises.

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.

You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.

We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Policing led - business focussed