Technology Advisor Blog

How to Get Started with an Incident Response Plan

Posted by Ann Westerheim on 12/20/21 11:53 AM

Cybersecurity headlines may sound scary, but it’s important for local businesses to know there are a lot of smart and affordable things you can do to fight back to stay more secure online and increase your chances of surviving a cyber event. A basic security risk assessment can help identify security gaps to remediate, and ongoing employee training will greatly help reduce “clicks” on the wrong things. Preventing problems is a lot less expensive and more effective than responding to an incident, but it’s not possible to eliminate all risk. As a technology service provider, Ekaru has been working with local businesses in the greater Boston area for many years, and having an incident response (IR) plan will make a big difference in your ability to successfully recover after a cyber incident.

What is an Incident Response Plan?

Simply put, if there’s an incident, how are you going to respond? The national cybersecurity headlines may seem like things that can’t happen to a local business in Westford, Chelmsford, Littleton, or any small business in the Boston area, but the reality today is that most threats are automated and non-targeted. These are “crimes of opportunity,” and everyone is at risk. While the term “Incident Response Plan” might sound intimidating, even a small number of bullets on an index card could make a big difference. The bottom line is to do SOMETHING. An overwhelmed organization will create delays, and possibly more damage and a longer loss of data availability.

Know the “Attack Vectors” for a Cyber Incident

Incidents can occur in countless ways, so it’s impossible to have a detailed plan for everything, but in general it's important to understand the most common attack vectors to begin formulating a plan.

  • Email – an attack executed in an email message or attachment. Many studies estimate that around 90% of attacks occur via email.
  • Web – attacks can come from a website. Think before you click.
  • Credentials leaked to the Dark Web.
  • Brute Force – repeated login attempts to break through.
  • External Media (thumb drives, etc.)
  • Loss or theft of equipment
  • Improper usage – any incident resulting from the violation of a company's “Acceptable Use Policy,” like sharing passwords or using a home computer with no security installed.

How Do I Create an Incident Response Plan?

The first thing to remember about creating an IR plan is that it is not a “set it and forget it” event. This is a “living” document that needs review and updates as changes occur in technology, your business, and your people.

The key focus of an incident response plan is to mitigate the risks of an active cyber event.

A comprehensive IR plan should include:

  • The key players within the organization, including inside and outside resources such as employees, your insurance agent, your technical team, and your legal team.
  • Clearly defined roles for employees and your outside team.
  • A list of full contact information for all employees and key outside team members. This list should be accessible outside of your computer systems.
  • A communication plan that addresses what to say and what not to say. In a moment of crisis, scrambling only makes it worse. Until events are investigated and understood, speculation doesn’t help.
  • Where key data is stored, and how it is backed up.
  • An up-to-date inventory of your technology.
  • Which data and systems are most critical for the organization to keep running, or to recover first.
  • A communication plan to keep your team informed.
  • A process to review “lessons learned” and strengthen the plan.

Preparation is Key

Appearing unprepared to handle a crisis creates additional damage that must later be undone, so readying the team for any call or email that lands on their desk will serve the entire team well in the long run.

Keep it Simple

We highly recommend a short plan that you’ll be able to follow under stress, as compared to a very long and detailed plan that will just be too much to deal with in a time of crisis. “Tabletop Exercises” are a simple way to talk through what to do. Create a typical hypothetical scenario, like a ransomware attack, and talk through how you would respond. Basically, this is a dress rehearsal. By going through your plan on a regular basis, you'll have the opportunity to get more comfortable and prepared for the almost inevitable crisis. Start simple, and take action!

If you want help reviewing your IT and cybersecurity, reach out to us at Ekaru. We're here to help!


Topics: cybersecurity, cybersecurity training, incident response plan