You spent valuable time and resources crafting a cybersecurity breach action plan. You’ve assembled a multidisciplinary response team. You’ve identified who is responsible for what, and what decision-tree will go into effect. The plan has been circulated. You’ve even engaged a separate law firm that will be on call in the event of a breach. You’ve done the same with a PR firm, a private investigator and data breach hit squad.
But if the action plan stays put on a shelf, it isn’t really of much value. Smart companies run a tabletop exercise, where first responders sit at a conference table and run through what will happen in the event of a breach. But really smart companies do something more – they take their efforts out of the conference room and into the real world. Breaches involve stress, panic and urgency. It’s not the time to be opening a binder and flipping through tabs for instructions. All those with responsibility for securing the breach need to be battle tested.
Just as fire drills are mandated safety requirements, breach drills should be mandatory training for your team. These exercises bring to light the weaknesses, if any, inherent in your breach response plan. These drills take a good plan and refine it into a great plan.
The key to testing the plan is making your drill as realistic as possible. Notify responders there will be a drill, but not when it will happen. Then, perhaps on a weekend, unleash a hypothetical and set things in motion. Designate several observers to follow the drill to see how closely actions hew to the plan. Document what went right and what went wrong so adjustments can be made later. Continue reading