Ride the Lightning

Before You Get Hit by Ransomware, Print Out Your Incident Response Plan

April 5, 2021

Sometimes, paper is a good thing.

As ZDNet reported on April 1, there really are firms which have been hit by ransomware and no one could get to the Incident Response Plan (IRP) because it was – of course – encrypted.

Naturally, you could also have the plan on a device that is not connected to the network but having the plan in paper in several readily accessible locations makes a lot of sense. The last thing you need to worry about after a cyber attack is where your emergency plan can be found (with contact information for your data breach lawyer, your insurance company, your digital forensics company, your bank, etc.).

Have you updated your IRP recently? Most IRPs become antiques very quickly as the nature of threats and defenses morph rapidly – and yet studies show that IRPs, once completed, are often allowed to molder, sometimes for years.

Make sure there at least an annual reminder to review/revise the plan. And tabletop exercises which assume the worst has happened should be a regular occurrence. No matter how good your defenses are, you should never assume that you cannot be breached. So be prepared – and if the nightmare comes, hopefully implementing your IRP will mitigate the extent of the damage.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email:  Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson