
3-Step Checklist

Ransomware incident response plan for executives

Step-by-Step Guide to Managing a Ransomware Incident

As you saw in last week’s audit plan hot spots article, ransomware tops the list of concerns for 2022. You also saw that the first half of 2021 had an exponential increase in ransomware attacks. To give you something concrete to work with for cyber readiness against ransomware risks, we are giving you an executive 3-step checklist.

Here’s your 3-step checklist to set up a ransomware incident response plan to bring about cyber readiness for your company.

  1. Introduction, policy, and organization
  2. Incident management strategy
  3. Incident response communications

A first glance at the checklist shows that if you already have a holistic cybersecurity posture, or a business continuity (BC) plan and/or an incident response (IR) plan, you can use those to get a head start on setting everything up for ransomware.

Let’s take a deeper look at the three-step checklist items.

Introduction, policy, and organization

The introduction and policy section is where you specify the purpose of your plan, its focus, its goals, and your specific objectives, all with the organization in mind. It’s essential to identify the regulations that apply to the plan, such as those from FEMA or OSHA. You also want to list who gets hard and electronic copies of the plan and set up a schedule for the plan’s revisions. Don’t forget to define who in the organization will give authorizations and approvals.

Incident management strategy and incident response communications are about clearly defining how you want to manage a ransomware attack, and who will be in charge of communicating what is being done while the attack is under way and the incident response is in action.

Incident management strategy

Your incident management strategy should include a defined approach to the ransomware attack, your alternate sources, supply sources, the resources you use for backing up the systems, data, and databases, and all other critical information assets.

Your incident management strategy should also include incident response team roles and responsibilities during and after the event, and it should name who can back up primary team members if those members become unavailable. It’s also essential to document all the actions taken when responding to ransomware activities so that you have a log of everything.

Incident response communications

For your incident response communications, keep in mind that in addition to defining who needs to be contacted during the incident response, you want to decide on the sequence and frequency of messages among managers and employees or other parties involved, such as external security experts. Have a contact list with all team members, key vendors, law enforcement, first responders, and other government agencies you will need to contact in case of a ransomware attack. Make sure you also record each contact’s role in the list. Lastly, decide on the conference technology employees will use to keep in touch with managers and team members.

With these three checklist items in place, you have a proactive plan to get on top of a ransomware attack and stay operational, which is essential to ensure you don’t lose business.

In our next post, we’ll continue the conversation on ransomware. We’ll take a look at the actions you can take for post-ransomware attack remediation, reviewing items such as media management, incident response procedures, and conducting a post-event review.

In the meantime, if you need assistance with ransomware security measures, reach out.  Our experts are available to talk about these 3-step checklist items and more to get you ahead of your risks for the rest of the year and for the new year ahead of us.

Schedule a time that works for you here: https://calendly.com/ncxgroup