How to Plan an Effective Incident Response Strategy?

How to Plan an Effective Incident Response Strategy?

Business

Everyone knows that incidents wreak havoc in many organizations, and those events are inevitable. It may take the form of critical events like violence in education, healthcare or impacting part of security or safety in organizations. It could be damage from a natural disaster or a fire.  

Regardless of the event, do stakeholders in your organization know exactly why incident response plans are critical? 

Why do we need to make these plans at all?  

An essential element of your organization is to quickly resolve an incident. This takes planning. 

The first question in your incident response plan

When creating an incident response plan, there are a lot of pieces that need to be identified, and many steps that will be created.  

Yet, one of the most important steps is asking the question: Why do we do this?  

  • The HBO miniseries Band of Brothers centers around Easy Company, a group of paratroopers from the US Army’s 101st Airborne Division, from the onset of WWII to its final chapters. Among the battles, viewers follow Easy through the landing in Normandy, the Battle of the Bulge in Bastogne, and later taking Hitler’s Eagle’s Nest. 
  • Perhaps most poignant is the 9th installment in the 10-part program, called “Why We Fight”. In this episode, members of Easy Company are patrolling the forest outside of Landsberg, Germany and come across a concentration camp. This is the first time they witness the atrocities committed by Hitler’s Nazis, and the first time they truly realize after years of fighting why they are in the war. 

Although it’s critical, this ‘why’ element is often overlooked or loses its meaning along the way. 

We are conditioned to uphold the needs of the organization for which we work. That is most definitely a critical component. And keeping this at the forefront is useful through every step of the planning process.  

No one knows when an incident is going to happen, but it is an unfortunate certainty that they are inevitable.  

e.g.: Ransomware is projected to cost $10.5 Trillion in damages by 2025. 

It’s not possible to completely prevent such incidents but it is definitely possible to prepare to lessen the impact of these events.  
 
Consider the physical damage from fires, or the emotional damage that is borne from harassment or violence in the workplace. Or it may come in the form of a natural disaster, such as a tornado or a flood. How the organization reacts to these incidents is more important than ever for the safety of your people and assets. 

With any incident, the work is not done when the threat is neutralized

 And this is something that is too often forgotten. A satisfactory outcome is not just one that is resolved quickly. It’s also about the community’s perception. 

How will your response be accepted by the community?

Be it vandalism at a community center, data leakage, fire, or an active shooter it’s critical to remember that an incident will impact a community. That may be: 

  • Parents
  • Public
  • Clients
  • Partners
  • Landlords
  • Tenants
  • Students
  • Providers
  • Management
  • Board members
  • Authority figures
  • Regulatory bodies
  • Committees

Consequently, as you are creating your incident response plan, it’s imperative to ask yourself how your response will be considered by each of the above groups. What are the expected outcomes from these groups? 

Tips for creating your incident response plan

There are several things that can help you when:  

  • Review past event reports. If your organization has not been actively collecting critical event reports, talk to people who have been there longer and have more institutional knowledge. This can be either inside or outside your team. Ask them what worked with past events, but more importantly, what didn’t work. 
  • Check news reports. Do some homework and review both traditional and non-traditional news reports of past incidents. These may be reports that directly impacted your organization, or they may be with other organizations. 
  • Review comments. Many news outlets have a comments section; these are extremely useful for getting an uncensored point of view from the community. Also, look at the comments posted on social media outlets, blogs, and other similar sources to ensure that you have a better understanding of the situation. 
  • Comb through your organization’s social media account. This is a wealth of knowledge because you’ll often gain insights into what may trigger certain members of your community. With these insights, you can extrapolate what may serve as triggers for future event responses. Check with the PR and communication team to see if comments have been removed or flagged. 
  • Meet with your organization’s stakeholders. Ask them point-blank: “If we were to experience an incident or serious situation, what would be the most important thing we should focus on?” Another valuable question is: “What are the important points you would want to remember, and what should our stakeholders remember after the event?” 
  • Review existing agreements between your organization and its stakeholders. This is critical when preparing yourself for any potential lawsuits that could arise when deploying your plan. This can help you identify: 
    • Adequate tasks for specific individuals or teams
    • The proper sequence for steps in your plan
    • The correct information to capture

Don’t discount your gut feelings in an incident response plan

Doing all the background work is essential, but it’s also important to employ your own experience, and your gut instincts. After all, your gut feelings are often correct. They are borne from the ‘fight or flight’ instinct that law enforcement officers rely on all the time for self-preservation.  

Intuition is critical. Make sure your gut instinct is factored into your response plan. 

A solid incident response plan is essential to resolve an incident quickly, safely and with a minimum of collateral damage. Although it may be daunting to start the process, it’s essential to do it carefully so team members can train until their reaction becomes rote. 

With the right approach from the outset and connecting with our organization’s stakeholders will help you develop the most robust protocols. It will also demonstrate to community members and other groups how valuable your team is in the event that a critical incident is triggered

It isn’t just for high visibility events. Even trivial incidents can trigger unexpected and negative reactions.  

Your organization isn’t judged by the incident itself, but by how your organization reacts to the situation

This is why your organization needs careful planning to uphold and preserve the safety of the community. This is why we fight to ensure that.

Originally Posted on Cobalt Intelligence

Katrina Salvatore

Katrina Salvatore a Contributing Editor to Daily 2 Daily News and a member of the team for Digital Marketing. She also runs a blogger community, on very advanced SEM topics.