MSP Blog Logo


Business Growth


Help Desk



Sales & Marketing


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

A Quick Guide to Incident Response Planning

Posted August 1, 2018by Lily Teplow

A Quick Guide to Incident Response Planning

Given today’s security landscape, it’s more important than ever that businesses have a plan in place to respond to major cyber threats. These threats are becoming more and more sophisticated, leaving businesses less and less equipped to handle them. To even stand a chance against a security incident, your clients need an incident response plan—and it’s your job as an MSP to help them solidify this plan.


What Is an Incident Response Plan?

An incident response plan is a detailed document that helps organizations respond to and recover from potential—and, in some cases, inevitable—security incidents. Ultimately, this plan should outline specific instructions that help detect, respond to and limit the effects of a cyber security incident.

While the types of incidents may vary—ranging from data breaches, denial-of-service attacks, firewall breaches, viruses, malware and insider threats—a solid incident response plan will help ensure any situation is handled quickly, efficiently, and with minimal damage.


Components of an Incident Response Plan

When building an incident response plan for your clients, focus on the following core components:

1. Identification

There are two elements you need to identify here: first, whether the event is actually a security incident; and second, who needs to be on your incident response team and what the individual roles and responsibilities are. 

It’s important to first identify what type of incident is occurring and its potential impact on the business. The steps and communication processes that follow the identification stage can differ based on the type of incident at play. When something is amiss or a threat is discovered, be sure to record the date and time and immediately activate the internal and/or outside response teams based on the threat type and severity. For example, minor breaches can be left to the discretion of the response team lead, while larger threats may require consultation with the full response team and across offices. 

2. Containment

Next comes springing into action to contain the incident, limit its current damage, and isolate any affected systems to prevent further damage. This is best done by finding the incident's cause and removing affected systems from the environment.

Quick Tip: Directly after the infection is detected, disconnect from the network and stop backing data up immediately. This will stop the malicious software from overwriting clean backups with infected files.

3. Recovery

Once the threat is mitigated, you can allow affected systems back into the environment and ensure no threat remains.

Quick Tip: If there’s a backup and disaster recovery (BDR) solution in place, restore from the most recent, clean backup to restore uptime.

Also, be sure to document the incident and analyze how it happened so the team can learn from it and improve response efforts in the future.


In any case, an incident response plan should contain these core components, but the plan can be expanded upon and customized to each clients' needs. At a minimum, incorporating these steps will ensure your clients have a course of action in place for better protection from and response to today’s cyber threats.


If you’re looking for a more in-depth incident response template with examples, download our guide below:

Download Incident Response Plan Guide

Lily is a Content Marketing Manager at Continuum and is passionate about helping businesses solve their biggest challenges. She is responsible for managing Continuum’s MSPblog and writing on a variety of topics, from sales and marketing to cybersecurity, helping establish authority in the MSP market. Lily is also a seasoned content creator and has supported Continuum’s PR and media efforts. In her spare time, Lily enjoys singing, traveling the world, and cheering on her favorite Boston sports teams!

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus