
Commonwealth Sentinel

Cyber Security for local government, non-profits and small business


commonsent / January 11, 2023

Would You Know What to Do?

It’s 5:00 on Friday afternoon. You’re ready for a well-deserved weekend of relaxation and sleep. But as you log off your computer, it happens. Your network is hit with a cyber attack!

Your weekend is gone, but that’s the least of your worries.

Your life doesn’t flash before your eyes, but those cyber security briefings and warnings of what could happen certainly do!

That’s water under the bridge. So, what do you do now? Do you have an incident response plan? That is, do you have a “cyber” incident response plan?

Fortunately for you, this is when you wake up and realize it was all a bad dream. But it was real enough to make you decide to do something to prepare for an incident because, as you know, “it’s not a matter of if but when.”

As you start to create an incident response plan, it may feel like starting at the end instead of the beginning. But you’ll see that this is ok as long as you start somewhere.

Imagine that your dream is a premonition that something bad will happen in the next day or two. Are you ready for it? What do you HAVE to do right now?

The first thing you will need is an incident response plan. The plan must be written on paper (since it may not be accessible online if you’ve been hit with a cyber attack). You should also ensure that several copies of the plan are stored in safe places so it can be accessed quickly.

The plan should specify when the incident response team should be notified. Not all cyber events will require the full army. Some may only require the IT team. Some may require your cyber security team, your Security Operations Center (SOC), law enforcement, legal advisors, forensics teams, and more.

The members of the team should have clearly defined roles. Who will be responsible for communications (internally and externally)? Who will contact the FBI? Who is in charge of notifications for compliance purposes?

The team members must be available to respond at any time of the day or night. If they are unavailable, alternates who can be called instead should be identified. Make sure to have all the contact information for each team member and alternate (phone, email, text), and keep this list current.

The means of initial notification must be clearly defined. For example, if the attack started as an email compromise, you may not reach out by email. Or you may have a secondary email account set up (via a different internet provider) for emergency use only. And be sure it does not include the organization’s name to keep it safe from a secondary attack.

Be aware that communications may be monitored, so when sending out notification of an incident, use a pre-scripted message that everyone understands, such as, “The incident response team is to meet at our designated location immediately,” whether that location is a physical location or a virtual meeting that is outside the organization’s network.

The IT team should have hardware available specifically for use in the event of a cyber incident, such as a laptop for remote restoration of the organization’s infrastructure, and other devices.

In addition to having a plan and tools, the team should exercise this plan against different scenarios to improve response and identify any areas needing improvement.

Conducting these exercises will not only improve your response, but it will also make everyone feel more prepared. It will also provide the next steps to develop your cyber security plan. As part of the planning process for an incident, the team will identify the hardware and software that will have to be inspected and/or wiped and restored. This inventory will be used to create the foundation for your cyber security plan because you must know what you have in order to know how to protect it.

So, while this may seem like you’re starting from the end, it really is not a linear process. It is a cycle of identification, protection, detection, response, recovery, identification, etc. There is no beginning and end in cyber security. It just…is. And it is always evolving.
