888-448-5451 [email protected]

3-Step Checklist

Ransomware incident response plan for executives


As you saw from last week’s audit plan hot spots article, ransomware tops the list of concerns for 2022.  You also noticed how the first half of 2021 had an exponential increase of ransomware attacks.  To ensure you have something you can work with for cyber readiness with ransomware risks, we are giving you an executive 3-step checklist that can help you.

Here’s your 3-step checklist to set up a ransomware incident response plan that will bring about cyber readiness for your company.

  1. Introduction, policy and organization
  2. Incident management strategy
  3. Incident response communications


A first glance at the checklist reveals to you that if you have a holistic cybersecurity posture or a business continuity (BC) plan and/or an incident response (IR) plan, you can grab those to get a head start on setting everything up for ransomware (no problem).

Let’s take a deeper look into the three-step checklist items.


Introduction, policy and organization

The reason for an introduction and setting up policies with the organization in mind is because you need to specify the purpose of your plan, the focus and the goals, as well as your specific objectives.  It’s important to identify the regulations that govern the plan, such as FEMA or OSHA.  You also want to list who gets hard copies of the plan, electronic copies, and set up a schedule for the plan’s revisions.  Don’t forget to set up who in the organization will give authorizations and approvals.


When it comes to incident management strategy and incident response communications, it’s all about setting up clearly how you want to manage a ransomware, as well as who is going to be in charge of communicating the management that is taking place when a ransomware attack is happening (therefore incident response is put into action). 


Incident management strategy

What you want to include in your incident management strategy are a defined approach to the ransomware attack, your alternate sources, supply sources, and the resources you use for backing up the systems, data and databases, as well as all other critical information assets. 

Your incident management strategy should also include incident response team roles and responsibilities for during and after the event, as well as deciding who can backup primary team members if those members become unavailable.  It’s also very important to document all the actions taken when responding to ransomware activities so that you can have a log of everything.


Incident response communications

For your incident response communication, keep in mind that in addition to defining who needs to be contacted during the incident response, you want to decide on the sequence and frequency of messages amongst managers and employees or other parties that are involved such as external security experts.  Have a contact list with all team members, key vendors, law enforcement, first responders and other government agencies that you will need to contact in the event of a ransomware attack.  Make sure you also list the contact’s role in the list. Lastly, decide on the conference technology that you will use for employees to keep in touch with managers and team members.


With these three-step checklist items you can rest assured to have a proactive plan to get on top of a ransomware attack and stay operational, which is most important to ensure you don’t lose business.


Our next post, we’ll continue the conversation on ransomware.  We’ll take a look at the actions you can take for post-ransomware attack remediation.  So, reviewing items such as media management, incident response procedures, and conducting a post-event review.


In the meantime, if you need assistance with ransomware security measures, reach out.  Our experts are available to talk about these 3-step checklist items and more to get you ahead of your risks for the rest of the year and for the new year ahead of us. 

Schedule a time that works for you here: https://calendly.com/ncxgroup