Creating an MSP Incident Response Plan? Here’s Some Advice

The best way to ensure things go from bad to worse for your MSP clients is to not have an incident response (IR) plan in place when you’re hit with a cyberattack.

And many MSPs don’t have an IR plan to follow for one simple reason: They don’t know how to develop one. To make things easier for them, Chris Loehr, EVP of Solis Security, and Wes Spencer, CISO of Perch Security, recently joined me on a webinar to discuss what MSPs should know about IR plans.

Here are some of the tips Chris gave during our webinar on developing an MSP Incident Response plan.

Keep your IR plan up to date

Your IR plan is a living document. When it comes to an IR plan, there’s no such thing as setting it and forgetting it. Updating your IR plan from time to time is absolutely necessary to prevent an incident from getting out of hand. Review your IR plan at least once a quarter and adjust it accordingly. For example, you may need to update contact information after an executive leaves your business. There’s no excuse for having out-of-date IR plan. Your plan must be reviewed on an ongoing basis for any discrepancies. Put someone in charge of keeping your IR plan updated with the latest and most accurate information. Don’t ever let a “thin layer of dust” accumulate on your IR plan.

Who needs to be involved?

While not everybody in your business needs to be included in your IR plan, some people do, especially those directly involved with your IR strategy. Review your org chart and identify your key players, some of whom may be actually outside your organization (e.g., a public relations specialist or an attorney). After identifying your key players, find backups for each of them. When an incident occurs, you can’t go looking around for someone. There needs to be a body in the seat, ready to go.

What should your team members be doing?

When an incident happens, your team members (each and every one of them) should know how to respond. Every role in your IR plan should be clearly defined. For example, determine who in your organization can talk with customers (because not everybody can or should). Take it a step further by indicating words they should or shouldn’t use with customers. Outline everything in your IR plan.

Involve your experts early

Call in your experts early, especially when something major happens. Always inform them when something goes awry. Even though they may cost you a pretty penny upfront, your experts — your attorney, insurance agent, etc. — will more than likely save you more money in the long run. They can help with evaluating and addressing situations when they arise, so whatever you do, don’t keep them in the dark.

Slow and steady wins the race

Every decision you make during a crisis matters. Things can go wrong fairly quickly (and even publicly). That’s why preparation is key to your business’s survival. Once your IR plan is set, you must make a dedicated effort by rehearsing it as often as possible. The time to practice your plan isn’t when you’re in the middle of a crisis. You’re going to feel pressured, and people around you are going to encourage you to put your foot on the gas, but don’t give in. Act in accordance with your IR plan.

cybersecurity ebook

TOPICS: cybersecuritycybersecurity risk managementMSP securitytop MSP
« Previous Post Back to Blog Next Post »