Why every business should have incident response plans

3 octobre 2012

As the number of data breaches rises, it is becoming more difficult to prevent hackers from accessing confidential information. Although IT departments may not be able to stop a threat, there are ways to mitigate one. Organizations should implement incident response plans (IRP) into their infrastructures to manage network security attacks.

IRPs detail the steps an institution should take to identify and control an incident in a way that minimizes damage, reduces recovery time, cuts costs and keeps reputations intact.

Best Practices
To ensure the best protection, companies should integrate steps for preparation, identification, containment, eradication, recovery and follow up into their plans.

Outlining a plan should be mandatory because it can reduce the reaction time to a data breach. An organization should assign people with roles and responsibilities ahead of time so there will be no confusion as to who should do what in the event that a cybercriminal accesses information, Government Health IT reported.

Because organizations conduct business differently, it is also important to adapt plans to their needs and regularly test them to determine if any revisions need to be made. Experts suggest that an IRP outlines steps for different scenarios, and add to it when a new malware or security threat is identified. If a workplace does experience a breach, decision-makers should conduct an analysis after handling a situation to recognize if they should make enhancements to their IRP, according to TechNewsWorld.

Health care compliance
Although businesses are encouraged to invest in IRPs, it is mandatory for hospitals and healthcare facilities to have one in place to protect confidential patient information and comply with HIPAA. This security rule lays out standards that should be met when implementing administrative, physical and technical safeguards for electronic protected health information (EPHI). According to Government Health IT, IRPs are also useful for complying with state laws and the Breach Notification Interim Final Rule, which requires organizations to chronicle an investigation.

In the event a breach occurs, IT departments should notify patients and consumers that were affected, the Office of Civil Rights, state agencies and the media, the source reported. Taking action and telling the public can show how trustworthy an organization can be.

Because no one can foresee when a breach will occur, this form of data loss prevention can prepare institutions for the worst.  

-McAfee Cloud Security