Building a Cybersecurity Response Team
The cybersecurity threat is ever-changing and it’s not a question of “if” your organization is going to be the victim of a cyber-attack, but “when”.
More than 70% of cyber-attacks specifically target small businesses.
Approximately 60% of small and midsized businesses do not recover from a cyber-attack and go out of business after six month.
At the same time, 95% of all network security attacks can be attributed to employees who unwittingly help hackers access networks.
We can help. Call De Novo HRConsulting to schedule an in-office Cyber Security presentation for your employees and to help establish a SCIRT team at your company! In the meantime, here’s the basics.
It is essential to have systems in place to prevent it from happening, but a well thought out response plan that helps to stop, contain, and mitigate the damage is also necessary. Having this plan in place before hand is crucial to a rapid and effective response to any cybersecurity breach. Integral to this response is the creation of a Cyber Security Incident Response Team (CSIRT).
Some of the responsibilities of the CSIRT include:
Monitoring systems for any breaches
Providing a central reporting center to receive incident reports and distribute critical information to those who need it
Keeping all emergency information (passwords, IP addresses, system information, etc.) in a secure offline location that can only be accessed by authorized individuals
The CSIRT is made up of people from various departments in the company but the lead members are your IT security professionals since they have the technical expertise and training regarding the company’s network and security measures.
CSIRT Team Leader: This person is responsible for the entire team. They will make policy and procedure recommendations based on the needs of the company and the performance of the team.
CSIRT Incident Lead: This individual will coordinate the response for a specific incident. The Incident Lead can vary based on the type of breach.
The CSIRT is a cross-functional team and needs support from associate members outside of IT.
Human Resources: The HR member needs to be available to manage any personnel issues that may arise, for example, if the breach or data theft was the direct result of an employee’s action. They also can be responsible for communicating the details of the incident to the organization as a whole.
Communication and Public Relations: This person is responsible for managing the dissemination of information to the appropriate parties. This includes stakeholders in the company, clients and customers, and the public if deemed necessary. They will be working closely with legal to ensure compliance with any federal and/or state laws.
Legal: The legal representative works to ensure that the company minimizes their legal liability, maximizes the potential to prosecute the criminals, and provides reporting to the proper authorities. They are knowledgeable about any reporting obligations required by state law or other agencies. Outside of an immediate cybersecurity event, legal should also be responsible for insuring the organization has a cybersecurity insurance policy in place. These policies are relatively new and can vary widely in in their terms and coverage.
In the event of a cybersecurity incident, having your CSRIT in place allows your company to respond to the event with a predetermined response plan, rather than with reactive decisions made in the heat of the moment. Again, please call to schedule an in-office Cyber Security presentation for your employees and to help establish a CSIRT team at your company!