As the calendar switches over to the New Year, many business owners are taking account of their processes and preparing for success in the coming year. But how many are preparing to get hacked in 2017? Security experts are predicting that data breaches will continue to increase in frequency in the coming year, so the answer is: not enough.
Unfortunately, this means that the odds of your clients suffering a data breach are higher than ever. The days of SMBs assuming “it could never happen to me” have passed, and it’s time to have a plan in place to handle a nightmare situation like a data breach. One of the first components of that plan is to build an Incident Response Team.
An incident response team comprises the key people who will mitigate the immediate issues of a data breach as well as the numerous consequences that spiral out of such an incident. Incident response teams can extend outside of an SMB’s organization and can end up being quite large, in order to cover and address all of the issues that arise.
As an MSP, your role on your client’s incident response team will be pivotal: you will be one of the key links between the technical aspects of incident resolution and communication with other partners. In an effort to be the vCIO for your client’s business, you’ll likely serve as the Incident Response Manager, who oversees and coordinates the response from a technical and procedural perspective.
Some key members of an incident response team include:
- Business Owner/CEO
- Top-Level Management/Executives – A data breach is an “all hands on deck” scenario, and all key decision makers at the executive level must be active in decision-making so that resources, staffing and budgetary concerns are addressed and provisioned as quickly as possible.
- HR – In the event that any employees are responsible for the data breach, HR will be activated to manage that area of the incident response.
- MSP/vCIO – While operating as a separate business entity, MSPs in 2017 should strive to work closely with their SMB clients to be a vCIO embedded within day-to-day business operations. For the purposes of this article, the MSP aligns more closely with an internal resource than with outside organizations that may not work as closely with the SMB. MSPs will be responsible for proactive tasks such as DR testing, mitigating the security threat, performing forensic investigation into the breach and coordinating the incident response from a technical and procedural perspective.
- Third-Party vendors/business partners
- Public Relations Agency
- Legal Counsel
- Law Enforcement (Local police, FBI, DOJ, USAG)
- Regulators (FTC, SEC, FFIEC, Fed Reserve, OCC)
- Risk Management Auditors
Each of these external areas will provide specific functions related to the business. However, this list could be expanded to include other specialty entities that may be impacted by a data breach given the nature of the SMB business. For example, a commercial storefront that processes credit card transactions would need to notify and communicate with the major credit card organizations as part of incident response.
It should also be reiterated that this team should be established and well known by the SMB prior to a data breach incident, and should be ready to execute a clearly defined plan in order to minimize loss as fast as possible. One of the most important aspects of creating this plan is to identify the local InfraGard organization for the client SMB, so that information sharing and investigation can proceed in a timely and organized manner.
By Lily Teplow
By Brian Downey
By Dave LeClair