Part Three: Communicate the Plan
Elizabeth Haro
KAMMCO, Compliance Officer
eharo@kammco.com
Parts one and two of the Incident Response Plan Series can be found in the Risk Management section of the KAMMCO website: HERE.
In the press conference after a football game, coaches and players often credit successful communication as the key to their victory. Likewise, a lack of communication is often identified as the harbinger of the team’s defeat. In a recent interview with Jim Trotter of NFL.com, Jared Goff, quarterback for the Los Angeles Rams, singled out communication as one of the most important qualities of a successful NFL head coach. He described successful communication as “How well you’re able to communicate to everyone, not only your players and coaches, but everyone within the building and the front office.” This multi-level communication style can also be applied by organizations when deploying an incident response plan when faced with cybersecurity incidents. Part Two of this series covers how to create a game plan (i.e. incident response plan) for responding to cyber incidents. This article explores how to communicate the game plan to everyone in your organization. A successful defense of your organization from cybersecurity events can only be assured if everyone knows their role in the plan. Some of the key groups to communicate the incident response plan, include incident response team members, leaders of the organization, external partners and employees. Each one is discussed in detail below.
Groups to Communicate the IRP Plan
Incident Response Team
Part One of this series discusses how to create an all-star incident response team whose members are assigned specific roles and responsibilities in the event of a cyber incident. It is essential to communicate with each member of the team to ensure they understand the incident response plan as a whole as well as their assigned role within the plan. This communication should take place on a regular basis to ensure the incident response plan can be successfully activated at any time. Expect changes and updates to the incident response plan over time: team members may come and go, role responsibilities may change and new cyber threats may need to be evaluated. As such, regular team communication is essential.
Leadership
It’s important to take time to communicate with leadership the plans and procedures outlined in the incident response plan as well as their individual role during a response. This avoids a breakdown in communication and misunderstandings and gives leadership confidence the response plan will be executed successfully and that they will be kept “in the loop” throughout the response to an event.
External Partners
Part One of this series describes external partners as an essential part of the all-start incident response team. External partners include legal counsel, public relations, computer forensics, insurance carriers and others. These partners may have additional information and resources crucial to the success of the response plan. An open line of communication with these partners and periodic contact throughout the year can ensure readily available and accurate contacts for when it’s necessary to pull these partners into the action.
Employees
An incident response plan can only be triggered if cyber incidents are detected and reported. An organization’s employees are often the targets of direct message cyberattacks and therefore often the first to suspect unusual cyber activity. It’s essential for the incident response team to communicate to employees how to identify cybersecurity events and how, to whom and in what time frame they should report these suspected events. These procedures can be communicated to employees via policies and periodic training on how to detect cyber incidents and instructions on how to respond.
In sports, teams don’t succeed without team players, a game plan and active communication. The same is true of your organization. The next, and final, installment of the Incident Response Plan Series will cover how to practice to make sure your organization is ready for a cybersecurity attack. It will also explore what your organization can learn to continue to improve your response.