Incident Response

Dealing with a cyber incident

Have a plan to prevent, detect, respond and recover 

It is good practice to have a Cyber Incident Response Plan in place that sets out the steps your organisation should take to prevent, detect, respond to and recover from cyber attacks. Your plan does not have to be complex, but it should be clear on the roles and responsibilities of the key individuals who can take action. The plan should not sit in isolation; it should be woven into your wider resilience, business continuity and disaster recovery planning.

Reporting a cyber incident internally

If you suspect that you have been the victim of a cyber attack, it is essential that you act quickly to minimise the risk and impact. Your actions will be critical to damage limitation.

It is important that you know who within your organisation should be notified, and how to notify them, if you suspect you have been duped by a suspicious email (perhaps by clicking on a suspicious link or visiting a suspicious website) or if your device is operating strangely. Exploiting email and browsing remains the most common method of launching cyber attacks and gaining access to organisational networks.

These attacks are designed both to exploit you and to dupe you into ‘letting them in’. Anyone can fall for a phishing attack, which is why phishing is the first choice of cyber criminals. It is essential that you don’t delay in reporting suspicious incidents. Do not just switch off the device and/or walk away in the hope that it will all go away. Action is needed as quickly as possible.

Reporting a cyber incident externally 

Depending on the nature of the attack, you may need to report certain incidents externally, whether to a regulator, the Information Commissioner, the police or your customer base if it is their data that is affected.

You should know who within your organisation has this responsibility, as there should be an organisational plan in place to deal with a cyber attack. Cyber attacks are also crimes, and as such consideration should be given to reporting them to Police Scotland (dial 101). In addition, the National Cyber Security Centre (NCSC) can offer advice and guidance on handling incidents.