How to Respond to a Cyber Attack

This article originally appeared on IndustryWeek. Guest blog post by Traci Spencer, Grant Program Manager for TechSolve, Inc., the southwest regional partner of the Ohio MEP, part of the MEP National Network^TM.

This article is the fourth installment in a five-part series outlining best practices when it comes to “Cybersecurity for Manufacturers.” These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.

In part three of the MEP National Network five-part series on “Cybersecurity for Manufacturers,” we shared the mechanisms you can use to detect a cyber attack or an information security breach. Now that you are aware of the right tools to detect a threat, it’s time to plan your response strategy.

The Clock Is Ticking When a Threat Is Detected

Don’t wait for a hacker to strike before developing your incident response plan. For smaller manufacturers, even a small security breach can have an enormous impact on their operations. Taking action immediately will empower you to better contain or reduce the impact of a cyber attack.

Develop a Plan for Information Security Incidents

When developing your response strategy, consider the immediate actions you and your employees will need to take in case of an incident. 

Your response plan should include:

Roles and Responsibilities

• Who: Make a list of who to call in case of an incident. It’s critical you know who will make the decision to initiate recovery procedures and who will be the primary contact with appropriate law enforcement personnel.
• What: Make sure you have a plan for what to do with your data in case of an incident. This may include shutting down or locking your computer systems, moving your information to a backup site, and/or physically removing important documents and sensitive materials.
• When: Determine when to alert senior management, emergency personnel, cybersecurity professionals, legal council, service providers, or insurance providers. Be sure to include all relevant contact information.
• Type: Your response plan should clarify the types of activities that constitute an information security incident. Include incidents such as your website being down for more than a specified length of time or evidence of information theft.

Know Your Notification Obligations

Be aware that many states and countries have notification laws that require businesses to alert customers if there is a chance their information was stolen, disclosed, or otherwise lost. Familiarize yourself with international, state, and local laws regarding notification obligations and include that information in your response plan.

Also include instructions on when to notify appropriate authorities. You should contact your local police to file a report if there is a possibility that any personal information, intellectual property, or other sensitive information was stolen. You may even consider contacting your local FBI office, depending on the magnitude of the information security threat.

Most importantly, you and your employees should know your role in your cybersecurity response plan. Develop procedures for each job role that describe exactly what the employee is expected to do if there is a cybersecurity incident.

When everyone understands their role in your response plan, you can act swiftly and mitigate the potential damage. Once things are under control, you can implement procedures you develop to recover from an attack, a process we’ll outline in the final installment of our series on “Cybersecurity for Manufacturers” from the MEP National Network.

For more advice on cybersecurity best practices for manufacturers, contact the cybersecurity experts at your local MEP Center.