Expert Tips on Incident Response Planning & Communication

Here are five best practices an organization can follow in preparing incident response communication plans.

Critical events require careful coordination between the incident response team and a variety of internal and sometimes external stakeholders. An incident response communication plan is a crucial component of an incident response plan that provides guidance and direction to these communication efforts. As with other elements of the incident response plan, organizations should develop their critical event communication plan in a calm period to enable sound decision-making, instead of attempting to prepare it in a high-pressure situation.

Let’s take a look at five best practices you can follow to ensure that your incident communication plan is as effective as possible.

1. Formation of the incident response team and activation process

The first crucial communication that takes place in the wake of a critical event is the activation of the critical event or incident response teams. Command center operations or the security operations center (SOC) is responsible for activating response teams. The SOC should follow a standard triage process to determine whether a critical event has occurred and whether it demands the activation of the full incident response team.

In cases where the SOC determines that team activation is required, time is of the essence. Organizations should consider adopting critical event management platforms such as Zapoj. The incident management component of the Zapoj Zsuite CEM platform helps organizations manage on-call schedules, trigger alerts through multiple communication channels and provide responder status information. Offloading these tasks to a dedicated platform reduces the burden on SOC analysts and increases the speed of convening the incident response team.

2. Prepare for external communications and point of contact

As soon as word leaks of a service disruption caused by a critical event, it is obvious that external stakeholders will begin clamoring for information. The incident response team will be bombarded by requests from customers, the media, regulators and other stakeholders. Crisis communication requires a coordinated response to control rumors and ensure the organization presents a consistent message across communication channels.

Organizations should create a communication role on their incident response team to provide this consistent and coordinated view of the incident to external stakeholders. This person may not be a deeply technical team member but should have enough familiarity with technical concepts to serve as both a translator and filter for the technical information emerging from the response team.

3. Involvement of law enforcement and criteria for it

Two of the most crucial decisions facing an incident response team are whether it is appropriate to involve law enforcement and when that notification should take place. These are difficult decisions because law enforcement involvement often changes the nature of an investigation and increases the likelihood of public attention. On the other hand, law enforcement personnel have access to investigative tools, such as search warrants, that are unavailable to internal teams.

Incident response communication plans should address this quandary by outlining clear criteria for when the team should notify law enforcement. The plan should also identify who on the team has the authority to make that determination and what internal notifications should take place prior to involving law enforcement. For example, the team should likely consult with both executive leadership and legal counsel prior to involving the authorities.

4. Develop communication templates for customer outreach

Many critical events require some level of communication with customers or the general public, and an incident response communication plan should account for this. This might be a required notification in the wake of an unauthorized release of personally identifiable information, or it might be an explanation to customers of a service disruption. The frequency, quality and content of these communications will have a significant impact on public perception, and these factors work to either limit or magnify the reputational damage associated with a security incident.

That’s why communication templates are so critical to an incident response communication plan. They are perhaps the most important tool that a communication planning team can provide to incident responders. It’s extremely difficult to craft a thoughtful, careful notification message, and many people will want to be involved, ranging from account managers and executives to lawyers and public relations experts. Developing pre-approved templates can clear those hurdles in advance, leaving the incident response team to simply fill in the blanks and tweak template language as necessary.

5. Social media monitoring

Social media is an extremely important channel of communication between many organizations and the general public. Customers are quick to publicly voice their displeasure with an organization by tweeting out a public tongue-lashing. While companies should regularly monitor their social media mentions, this becomes crucially important during a crisis situation.

Rapid and effective communication is an essential component of a strong response to critical events. Solid incident communication plans provide mechanisms for rapidly notifying stakeholders, coordinating internal and external stakeholders and monitoring customer sentiment. These tools improve the organization’s ability to respond and help to minimize reputational damage.
