By Matt Riley, Quality and Compliance Director at Complete I.T., Data Protection Lead at Sharp
When people think of information security, they tend to assume it is purely an IT matter. IT teams and partners certainly have a part to play in the cyber security element of it, but there is a great deal more to it than that.
Incident Reporting – Why it’s not just IT!
As a Quality and Compliance Director, I have often received requests to help clients put together an incident response plan covering every type of incident. This proves challenging because there are so many kinds of incident, both inside and outside of IT.
My suggestion is not to worry about the granular detail of every scenario in advance, but to make sure you have a good general process in place for dealing with an incident, whatever form it takes. That covers all bases for day-to-day incidents, but every business should still have a business continuity plan for those major events!
So, what should businesses do when putting together an incident reporting plan?
All businesses should nominate someone to coordinate everyone involved during an incident. A person from each department should then be allocated to deal with any incident that occurs in, or relates to, their area.
For example, I coordinate and document incidents, but if an HR system were compromised I would look to our HR Manager for assistance. Knowing who to turn to in times of need is critical following any incident.
Have a formal incident reporting procedure in place
Every organisation should have a documented way to report and record all incidents. There is a legal timeframe for reporting notifiable personal data breaches to the Information Commissioner's Office (ICO) under the UK GDPR: within 72 hours of becoming aware of the breach, where feasible. That clock starts when someone in the business becomes aware, not when the right person reads about it, so a reporting mailbox which is not regularly monitored is insufficient.
Assess the incident
Once an incident has occurred you need to understand the potential risk as soon as possible. This is where having those experts to hand really helps, especially if the breach is high risk. For example, if there is a ransomware attack on a Friday afternoon, it is not acceptable to simply wait until Monday: the reporting window has already started, and if you are concerned that data has been stolen or put at risk you must report it to the ICO as soon as possible.
The other strand to this is that not everything needs to be reported to the ICO; only breaches that pose a risk to the individuals whose data is affected are notifiable. Businesses need a mechanism in place to decide how risky the breach has been and to report it only if necessary, while still recording the incident and the reasoning behind the decision internally. As an IT support partner to our clients, we can potentially highlight the data which might have been stolen or accessed, but it is up to our client to determine how damaging that could be to the individuals concerned.
Learn from the incident
Incidents will always happen. You could have all the best technical solutions in place, but one person clicking on a dodgy link could compromise them all.
As part of the investigation into an incident, businesses should look at what they can learn from it and put the appropriate controls in place to prevent it from happening again. In addition, looking at the types of incidents that occur over time can help them better understand any underlying weaknesses and what they could do to protect themselves.
So, what can we do to help?
At Complete I.T., we use Microsoft Forms, Microsoft Power Automate and Microsoft Excel to report and record incidents. Microsoft Power BI is also a great tool for looking at overall trends and identifying learning opportunities. As a Microsoft Partner (we are currently in the top 1% of Microsoft partners worldwide), we can easily implement all of these for our clients to ensure their incident management is in order.