At this point, if you’ve read every entry in this cybersecurity series (and kudos to you if you have!), you’ve been introduced to how we’ve been comparing legal standards for cybersecurity with the standards set by HIPAA for medical practices, and you’ve also been through our checklists walking you through an analysis of your current cybersecurity practices. If the checklists have shown you that your incident response plan is lacking, or if you don’t even have an incident response plan yet, fret not! We also have a checklist for you to run through as you create or edit your plan.
When you’re drafting your incident response plan, the first step – perhaps obviously – is to think about what kinds of incidents could potentially happen. (This is a great exercise to give the pessimists on your team.) Ask yourself, what are common cybersecurity incidents that could happen to a law firm or organization of your size? For example, you’ll probably need to consider your response to a ransomware attack, or a phishing attack.
Globally, you should be thinking about:
For each incident on your doom list, consider the following:
You’ll find that, as you walk through each of these questions and talk them over with your senior executives, IT team, and employees, you’ve by and large tackled almost your entire incident response plan. You can then wrap up your plan by discussing next steps for your organization in the case of an incident. This will be the recovery section of the incident response plan, which, if an incident or data breach does occur, will help put your organization back on the right path to move forward.
Here are some things you’ll want to consider when drafting the recovery part of your incident response plan:
The purpose of these checklists and any of the checklists in our previous blog posts is not to scare or intimidate you or your team members, but to empower you to take steps to protect your organization before any harm to your system, your network, your organization, and your clients occurs. You might feel like these checklists are very intense – they’re supposed to be! In the best-case scenario, you’ll never have to use this incident response plan, but if the worst does happen, you don’t want to be left scrambling. That’s why we’ve compiled a packet of printable versions of all the checklists in this series to help you assess your organization’s cybersecurity status and come up with a comprehensive set of policies to set your organization up for success.
This blog post is part of a 4 Part Series on Cybersecurity. You can also read Part 1, Part 2, and Part 3 for a more comprehensive overview on best practices.