
Boost Business Resilience with a Business Continuity Plan: 6 Pre-Incident Planning Steps

So you’ve been breached, now what?

If you even suspect your organization has experienced a cyber incident, three questions will immediately come to mind. Did we actually experience a cyber incident? Is it a critical incident? What do we do now? This is where having a business continuity plan (BCP) becomes crucial.

A business continuity plan outlines the procedures and instructions that an organization must follow during a crisis to minimize downtime. This includes covering various aspects such as business processes, assets, human resources, and business partners, with the goal of handling anything from minor disruptions to full-blown threats.

Before you jump into action, you’ll want to answer the first two questions. The trigger could come from any number of sources, such as an event management or monitoring platform like ServiceNow or SolarWinds, or simply from a user who can no longer access their data. Work with your security operations center (SOC) or your security and technical teams to confirm that the alert is, in fact, a cyber incident. You don’t want to launch your incident response procedure only to discover it’s a false positive.

A business continuity plan might, for instance, include steps to address cyberattacks, revenue loss, or unplanned internet outages.

Next, you’ll want to determine the incident’s severity. If critical systems or sensitive data are involved, treat it as a critical security incident and follow the six pre-incident planning steps below to protect your organization, minimize the damage, and restore systems to normal operation as soon as possible.

6 Pre-incident planning steps


Business continuity planning produces the plan that addresses a crisis: the steps to be taken before, during, and after an emergency to maintain the company’s financial viability.

Pre-incident planning involves several key steps to ensure that your business is prepared for any potential disruptions. First, identify the critical functions and processes that are essential for your business operations. This includes understanding the dependencies and interdependencies within your organization. Next, conduct a risk assessment to identify potential threats and vulnerabilities that could impact your business. This will help you prioritize your planning efforts and allocate resources effectively.

Once you have identified the risks, develop strategies to mitigate them. This may include implementing security measures, creating backup systems, and establishing communication protocols. It is also important to regularly review and update your plans to ensure they remain relevant and effective.

Step 1: Engage legal counsel

To ensure comprehensive protection for your organization, engage legal counsel with specialized expertise in privacy and data security well in advance of any incident. Legal professionals can offer invaluable guidance on the intricate landscape of federal and state laws that could come into play following a cyber incident, particularly in scenarios involving data breaches. By establishing a relationship with external counsel proactively, you not only benefit from their legal insights but also gain the added safeguard of attorney-client privilege, strengthening your organization’s overall legal strategy.

Step 2: Assemble your incident response team and conduct a business impact analysis

Your minimum incident response (IR) team should consist of key roles to effectively handle any security incident. This starts with the IR team lead, who can be either an internal expert or an external IR firm leading the incident response procedure. Technical leads bring in-depth technical knowledge, executive leads provide strategic guidance, legal counsel ensures compliance and risk mitigation, public relations manages external communications, and a dedicated business continuity team focuses on maintaining operations during and after the incident. As part of the business impact analysis, this team identifies and prioritizes critical business functions so that those functions can be maintained during and after an incident. Together, this comprehensive IR team will collaboratively address the incident across all facets of your organization.

Step 3: Determine your insurance coverage

Cyber insurance is a valuable tool for organizations to reduce their exposure to liability from cyber incidents. It provides coverage for various costs incurred during a cyber incident. If you have cyber insurance, it’s crucial to evaluate your coverage details and involve a cybersecurity expert or consultant and legal counsel for guidance.

Estimates vary, but the average cost of a data breach in the US in 2023 was $9.48 million. So, if you currently lack cyber insurance, it’s advisable to proactively explore suitable coverage options to safeguard your organization against potential cyber security threats.

Step 4: Establish a command center

Establish a cyber incident command center to lead and direct mobilization and response to the security incident. It is the triage center where the incident is handled and where recurring status meetings take place. Primary and backup locations for the command center should be established ahead of time so that all members of the IR team know where to congregate. Having secure remote access that operates independently from the usual environment is crucial here as well.

Step 5: Invoke the emergency communications and disaster recovery plan

The Emergency Communications Plan delineates the specific roles and responsibilities assigned to team members, the incident response procedures to be followed, and the protocols the company uses to ensure swift dissemination of information to all stakeholders in the event of a critical security incident. The plan, together with the disaster recovery plans, is designed to maintain business operations during an emergency by guaranteeing that accurate and timely facts are communicated effectively. Exercise caution about prematurely disclosing any incident, as doing so could create regulatory and legal liabilities.

Step 6: Set up a recurring status meeting

Until the incident is resolved and a post-mortem analysis has been conducted, establish a recurring meeting, typically daily, to keep all stakeholders informed about the ongoing status of the cyber incident. These meetings can be held in person or through remote communication technologies such as video conferencing tools, so that comprehensive updates are delivered and any concerns are addressed promptly.

Fortify your defenses: incident response process

This article outlines six essential steps to take following the discovery of a critical cyber incident. Many of these actions require prior groundwork; anticipating potential incidents is paramount. This groundwork includes securing cyber insurance, establishing the location of your command center, and cultivating relationships with external service providers such as legal counsel and incident response specialists. These proactive measures can significantly bolster your organization’s preparedness in effectively addressing cyber threats. Additionally, the business continuity planning process is guided by organizations such as the U.S. Department of Homeland Security and the Federal Financial Institutions Examination Council, which provide valuable resources and support.

A helping hand building a robust business continuity plan

A helping hand when it comes to business continuity planning is key.

If you’d like to speak to an incident response professional about putting an Information System Security Plan in place so that you’re prepared for a cyber incident, reach out to the folks at Cyber Defense Group. There are various resources available to assist organizations in the business continuity planning process, including consultants, tools, and full software, such as the U.S. Department of Homeland Security’s Business Continuity Planning Suite. In just four short years, Cyber Defense Group has protected over 300 companies, helped recover from more than 100 data breaches, and protects more than $10 billion in revenue. Integrated measures to protect against disruptions and a cross-functional effort involving various departments are crucial components of effective business continuity strategies.

Contacting Cyber Defense Group is the step that comes before these six steps!