Get in touch

408-366-8880

mymail@mailservice.com

Cyber Incident Response Plans: An Overview

Chris Freitas • 22 January 2021

The costs and lost profits associated with a cyber incident or breach can result in a small to mid-sized business closing its doors. The average global cost of a data breach in 2019 was $3.92 million according to the 2019 Cost of a Data Breach Report. Therefore, cyber incident response plans are crucial for business continuity in today’s world of technology.

With the vulnerabilities of a mostly remote workforce due to COVID, cybersecurity needs to be assessed and ramped up to mitigate the increased risk. Part of the assessment and response to a remote workforce includes revamping cyber incident response plans to accommodate remote work environments.

OBJECTIVES & PHASES OF CYBERSECURITY INCIDENT MANAGEMENT

Cyber incident response plans are designed to help businesses deal with a cyber incident or breach. A quick and successful cyber crisis response can save the company a significant amount of time and money.

Some of the objectives of cybersecurity incident management include:

Being proactive to avoid cybersecurity incidents and breaches
Mitigating exposure and threats during a cybersecurity event
Reducing costs associated with cybersecurity incidents
Minimizing the impact of breaches of privacy, information, and personal records
Assessing and reporting findings to appropriate stakeholders
Improving coordination during cybersecurity incidents
Learning from cybersecurity incidents and applying necessary changes to prevent future incidents
Training employees to help prevent cybersecurity incidents

The phases of a cyber incident response plan include:

Planning and preparing: Proactive actions to address possible cyber incidents, including plan development, incident response team formation, applying protocols and safeguards, and sharing and testing the plan, are necessary.
Detecting and reporting: Monitoring systems and detecting incidents are part of this phase.
Assessing and decision making: This phase includes assessing the risk, confirming an incident, and determining the best course of action.
Responding: Response involves all elements to contain, eliminate, mitigate damages, recover from, and analyze the threat.
Follow-up after the event: The final phase following a cyber incident involves assessing the threat, learning from it, and applying necessary improvements.

CYBER INCIDENT RESPONSE PLANS PRE-COVID

Pre-COVID, the majority of cyber incident response plans were developed for an on-site workforce in corporate-controlled work environments. After the pandemic hit, organizations were forced to quickly move to a remote-work platform, increasing vulnerabilities and risks for cybersecurity incidents and breaches. As a result, cyber incident response plans are needed to fit the new remote work scenario.

COVID-RELATED CYBERSECURITY VULNERABILITIES

The number and severity level of cyber attacks have increased exponentially since the pandemic began. Cybercriminals have upped their game to tap into exposed and vulnerable networks to send spoofed emails, malicious attachments and links in emails, and register fraudulent domains.

For example:

The H1 2020 Cyber Insurance Claims Report shows a 47% increase in the severity level of ransomware attacks since October 2020 and a 67% spike in email attacks.
Mimecast found approximately 14,000 recently registered, suspicious domains during the holiday season and found between 53 and 87 domains suspiciously registered for a single retailer in just one day.
Mimecast’s 2020 Q3 North America Threat Intelligence briefing showed around 10 million attacks involving a mix of trojans, worms, viruses, and other malicious code reported.
In late October 2020, there was a 30.3% increase in email impersonation efforts and a 55.8% increase in URLs deemed malicious in embedded emails.
Recorded Future showed more than 400 suspicious COVID-related domains were created per day in February 2020, and close to 800 per day were created at the end of July 2020, up from less than 50 per day in January 2020.
The National Cyber Awareness System reported a significant uptake in COVID-19 related SMS phishing, email phishing, malware distribution, and suspicious new domain registration, all with COVID-19 related themes and lures in April 2020.

Cyber vulnerabilities related to the pandemic include the quick shift from in-office to remote work that required IT to move quickly. With the goal of business continuity, which needed rapid migration to remote networks and cloud environments, IT might have bypassed standard security protocols in the process. In turn, cybersecurity was likely weakened, violated, or eliminated.

Additional vulnerabilities include an increase in employees conducting personal business from work devices, using unprotected wireless networks to log on to work networks, and accessing work-related files from personal devices.

ADAPTING CYBER INCIDENT RESPONSE PLANS TO REMOTE ENVIRONMENTS

Large-scale remote workforces are part of the new normal for many businesses. As a result, cyber incident response plans need to be adapted for the long-term. To adapt cyber incident response plans to remote environments, the following steps should be considered:

Develop a response plan for the remote environment
Identify weaknesses
Review current configurations
Implement regular reviews of remote systems
Test adaptations made
Communicate changes
Educate staff
Have cybersecurity insurance in place

DEVELOPING CYBER INCIDENT RESPONSE PLANS FOR REMOTE ENVIRONMENTS

Supporting the remote environment as quickly and efficiently as possible is a vital aspect of a remote work cyber incident response plan.

Organizations should include how cyber incident review or forensics can successfully be conducted for remote systems. Quick collection of IT systems logs is required to respond to potential cyber threats efficiently. When systems are taken offline for remote works, businesses also need to have protocols in place to get staff back online as quickly as they can.

IDENTIFY WEAKNESSES

Testing current remote IT systems with a worst-case scenario cyber event will help to identify weaknesses. After the test, identify what worked and what failed. Then, assign employees or a team to address your cyber incident response plan's weaknesses and gaps.

REVIEW CURRENT CONFIGURATIONS

When looking at current IT configurations, it’s important to identify where risks are increased when the staff is working remotely. If there are preventative protocols that would protect the IT network, such as eliminating the use of USB ports, they should be considered and possibly rolled out to the entire organization when appropriate.

IMPLEMENT REGULAR REVIEWS OF REMOTE SYSTEMS

Consider increasing the number of logs or reviews of remote work IT systems to identify unauthorized or suspicious activity more quickly. Where possible, automate the review process.

TEST ADAPTATIONS MADE

Testing response plans is one of the best ways to reduce the cost of a cyber incident. Any adaptations made to cyber incident response plans should be tested to prepare for an actual cyber incident and take care of any potential gaps.

COMMUNICATE CHANGES

A response plan is only as strong as its weakest link, and knowledge is power. Also, a united front that includes all employees and stakeholders helps to strengthen cybersecurity. Once changes have been made to your cyber incident response plan, those plans need to be communicated with all parties impacted by and involved with the plan.

EDUCATE STAFF

Implementing effective cyber incident response plans is critical and involves educating employees. Employees must understand the necessity of using caution and taking appropriate steps to prevent data breaches and cyber incidents. They need to know what to watch for to identify scams, phishing, and suspicious URLs, as well as how to report suspicious activity and possible breaches.

Understanding the risk associated with opening suspicious links and attachments is also essential. Users opened 30% of phishing messages, and 12% clicked on the malicious attachments or links included in the messages, per the Verizon Data Breach Investigation Report. Opening such attachments or links improves the likelihood of a cyber breach.

Another risk factor associated with the pandemic is the increased stress, distraction, fatigue, and fear employees possibly feel due to COVID. These factors potentially increase the vulnerability of employees to cyber-attacks and human error when working from home.

It is ideal for cybersecurity education to reach employees through various mediums. Webinars, in-person training, email communications, posters, and hard-copy materials are all possible training and educational tools to incorporate into a company’s cyber incident response plan.

HAVE CYBERSECURITY INSURANCE IN PLACE

The purpose of insurance is to mitigate the risk associated with a financial loss. Cybersecurity insurance mitigates risks associated with losses due to a cyber incident.

There are several types of cybersecurity insurance available. Business cybersecurity policy options include:

Network security and cyber extortion/ransomware coverage
Data breach and privacy crisis management
Breach response coverage
Network business interruption coverage
Fiduciary liability coverage
Media liability coverage
Professional liability coverage
Errors and omissions cyber insurance
Reputation management insurance add-on
Bricking cyber insurance enhancement add-on
Social Engineering enhancement add-on

Items covered under certain cyber insurance policies include loss of equipment and profits due to a cyber event. Claims of breach of contract, liability associated with information breaches (e.g., personal and financial information), and ransomware requests and extortion are covered under other cyber insurance policies.

BEGIN YOUR CYBERSECURITY JOURNEY WITH KBI

Cybersecurity response plans for remote environments are here to stay for many organizations. As part of a remote work cyber incident response plan, it’s essential that organizations, regardless of size, have the right types and levels of cybersecurity insurance plans in place.

If you’re in the market for cybersecurity insurance or want to discuss a cyber incident response plan to ensure your organization is covered, KBI is here to help. Don’t hesitate to give us a call, so we can work with you to review your cybersecurity plan and fill any possible gaps for your peace of mind.

Contact us today by submitting our online contact form or calling us at 408.366.8880. We look forward to working with you!

< Older Post Newer Post >

221 Main Street #1462,

Los Altos, CA 94023, United States

408.366.8880

Services

We believe in 100% employee satisfaction

Latest Thinking

Employee Benefits Education for Younger Employees

by Chris Freitas • 23 January 2025

For younger employees stepping into the workforce, navigating employee benefits can feel like deciphering a foreign language. This lack of understanding often results in missed opportunities to maximize benefits and unnecessary expenses for both employees and employers. The solution? Comprehensive education. By helping younger employees understand their benefits early and effectively, employers can empower them to make informed decisions, leading to improved satisfaction, cost savings, and overall well-being. Here’s how employers can take actionable steps to educate their younger workforce on employee benefits. 1. Start with the Basics Young employees, particularly those new to the workforce, often lack foundational knowledge about insurance and benefits. Start with a "Benefits 101" approach, covering essential topics such as common insurance terminology, how group health coverage works, and the importance of enrollment deadlines. Breaking down these concepts into digestible pieces will give employees the confidence to engage with their benefits plans. Providing user-friendly resources like glossaries of key terms, FAQs, and introductory guides can make this foundational education accessible and engaging. 2. Highlight the Value Younger employees are more likely to engage with benefits education when they see personal value. Explain how understanding their benefits can lead to smarter healthcare decisions, financial savings, and even long-term investment opportunities. For instance, show how researching provider networks can significantly reduce out-of-pocket costs or how contributing to a 401(k) early can yield substantial retirement savings. Focusing on tangible benefits helps employees connect the dots between learning about benefits and improving their overall quality of life. 3. Use Varied, Engaging Formats Gone are the days when lengthy handouts and dense white papers were the only options for benefits education. Younger employees respond better to diverse and interactive formats. Consider using: Videos to explain complex topics in a simple, visual manner. Infographics to break down key points. Email series to provide regular, bite-sized education. Interactive webinars for live Q&A sessions. Posters and flyers for quick reminders in shared spaces. By diversifying your approach, you can keep employees engaged while reinforcing important messages. 4. Make It a Continuous Process Benefits education shouldn’t be limited to onboarding or open enrollment periods. Make it an ongoing effort throughout the year. Create a communication calendar to share relevant topics each month, such as how to use telemedicine, when to visit urgent care versus the ER, or how life events affect benefits. Regular education keeps benefits top of mind and helps employees feel supported as their needs evolve over time. 5. Encourage Questions and Provide Support Even with robust educational efforts, employees will still have questions. Ensure your HR team is equipped to answer these inquiries promptly. Designate a dedicated benefits specialist who can respond to emails, attend meetings, and offer personalized guidance. Additionally, consider scheduling one-on-one meetings before open enrollment. These private sessions provide a safe space for employees to ask questions they might hesitate to bring up in larger group settings. Why Benefits Education Matters Educating younger employees about their benefits isn't just about helping them understand health insurance jargon; it's about equipping them to make informed decisions that positively impact their lives and your organization. Employees who understand and value their benefits are more likely to utilize them effectively, reducing unnecessary costs and increasing overall satisfaction. Build a Better Benefits Plan with KBI Benefits At KBI Benefits, we understand the importance of a well-designed benefits plan paired with effective education. Our team can help you craft an attractive benefits package that meets your employees’ needs while providing the resources and support to ensure they know how to make the most of it. Investing in benefits education not only improves employee satisfaction but also boosts productivity and loyalty. Speak with a KBI Benefits agent today to take your team’s performance and well-being to the next level!