MSP Blog Logo

Cyber Security

Business Growth

Sales and Marketing

IT Services


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

Who Do You Need on Your Incident Response Team?

Posted January 5, 2017by Joseph Tavano


As the calendar switches over to the New Year, many business owners are taking account of their processes and preparing for success in the coming year. But how many are preparing to get hacked in 2017? Security experts are predicting that data breaches will continue to increase in frequency in the coming year, so the answer is: not enough.

Unfortunately, this means that the odds of your clients suffering a data breach are higher than ever. The days of SMBs assuming “it could never happen to me” have passed, and it’s time to have a plan in place to handle a nightmare situation like a data breach. One of the first components of that plan is to build an Incident Response Team.

An incident response team comprises they key people who will deal with mitigating the immediate issues concerning a data breach as well as the numerous consequences that spiral out of such an incident. Incident response teams can extend outside of an SMB’s organization and can end up being quite large, in order to cover and address all of the issues that arise.

As an MSP, your role will be pivotal on your client’s incident response team, and will be one of the key functions between the technical aspects of incident resolution and communication between other partners. In an effort to be the vCIO for your client’s business, you’ll likely be implemented as an Incident Response Manager, who will oversee and coordinate the response on a technical and procedural perspective.

Some key members of an incident response team include:


  • Business Owner/CEO
  • Top-Level Management/Executives – A data breach is an “all hands on deck” scenario, and all key decision makers at the executive level must be active in decision-making so that resources, staffing and budgetary concerns are addressed and provisioned as quickly as possible.
  • HR – In the event that any employees are responsible for the data breath, HR will be activated to manage that area of the incident response.
  • MSP/vCIO – While operating as a separate business entity, MSPs in 2017 should strive to work closely with their SMB clients to be a vCIO embedded within day-to-day business operations.

For the purposes of this article, the MSP would align closer to an internal resource, as opposed to outside organizations who may not work as closely with the SMB. MSPs will be responsible for proactive tasks such as DR testing, mitigating the security threat, performing forensic investigation into the breach and coordinating the incident response from a technical and procedural perspective.


  • Third-Party vendors/business partners
  • Public Relations Agency
  • Legal Counsel
  • Law Enforcement (Local police, FBI, DOJ, USAG)
  • Regulators (FTC, SEC, FFIEC, Fed Reserve, OCC)
  • Risk Management Auditors

Each of these external areas will provide specific functions related to the business. However, this list could be expanded to include other specialty entities that may be impacted by a data breach given the nature of the SMB business. For example, a commercial storefront that processes credit card transactions would need to notify and communicate with the major credit card organizations as part of incident response, etc.

Also, it should be re-iterated that this team should be established and well known by the SMB prior to a data-breach incident, and should be ready to execute a clearly defined plan in order to minimize loss as fast as possible. One of the most important aspects of the creation of this plan is to understand who the local INFRAgard organization is for the client SMB, so that information and investigation can proceed in a timely and organized manner.

Create less work for your incident response team with reliable BDR!


Joseph Tavano is Senior Content Marketing Manager at Continuum, with more than 14 years of experience in content creation, content marketing, event marketing, marketing communications, demand generation and editorial across a range of industries. He is the author of several eBooks, blog posts, thought-leadership articles and other marketing and product collateral that enable Continuum partners and IT service providers in the channel to make their businesses stronger and grow their profits. In 2016, he launched the Continuum Podcast Network, which publishes multiple shows every week and reaches tens of thousands of IT professionals every year. A native of Boston, he holds bachelors in English and History from Suffolk University and resides in Salem, Massachusetts.

Topics: BDR, Cyber Security

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus