Blog / Clear Communication Is Crucial When Things Go Wrong
Incident Response Policies and why your business needs one.
Before getting into the details, let me be clear; one of the most important reasons why your organization needs an Incident Response Policy, or IRP, is for compliance. But I’ve written a lot about the importance of compliance with regulations like Alberta’s privacy legislation PIPA or the PCI-DSS before, and yes, both sets of rules require organizations they impact to have an IRP, so this time I decided to write about the additional real world advantages of these policies, beyond protecting against liability.
An incident response policy is pretty straightforward; it’s a plan for your organization to follow when a potential problem comes to light. Certain problems, like Ransomware, deserve their own specific response plans, but an IRP is a broader, catch-all policy. That means they need to focus on a common critical element that can help your organization in virtually every situation: communications.
For example, the movies don’t get it all wrong when dramatizing hacks and other cyberattacks. The hacking itself usually isn’t remotely close to what actually happens, but while the chaos in the victim’s command centre is extremely exaggerated with technicians run from station to station shouting into headsets and so on, there’s still a kernel of truth, albeit tiny, to such scenes. After all, I’d certainly hope to see at least some commotion and an urgent phone call or two in my offices were something significant to happen.
That’s where Incident Response Policies come in, outlining personnel responsibilities and communication channels. Making sure the right people know what they need to know is one of the most important aspects of responding to an incident. There’s very little more frustrating than trying to complete even everyday tasks only to discover that someone else has disabled a tool without telling you; during an incident such discord could be catastrophic. There need to be open lines of communication between those that do and those that act. Proper communication cannot be understated and needs to be part of your organizations policies.
If you’d like help developing a robust incident response policy for your organization, or if you have any other cybersecurity questions, contact a TRINUS cybersecurity professional to get some stress-free IT for yourself.
This Shakespeare quote comes from Love’s Labour’s Lost; “They have been at a great feast of languages, and stolen the scraps.”
Be kind to one another, courtesy your friendly neighbourhood cyber-man.