MNP is a leading national accounting, tax and business consulting firm in Canada.
Suite 2000, 330 5th Ave. S.W.
The role of human resources (HR) in a company has evolved from meeting basic employee needs to being responsible for recruiting, screening, interviewing and placing workers. The HR team may also handle employee relations, payroll, benefits, and training. Human resources managers plan, direct and coordinate the administrative functions of an organization. In today’s digital environment, understanding a company’s cyber security processes is a key part of the human resources team’s role, starting with the cyber incident response plan.
Having an up-to-date, tested plan in place is critical to ensure a business survives a cyber breach with minimal financial, reputational and internal privacy harm. Guidelines and policies tailored to the organization will help mitigate the risk of an incident – from ransomware to breaches of personal data (both externally and internally) – damaging future growth.
Cyber Incident Response Plan
A company’s cyber security program should consider the different layers of an incident response plan. A comprehensive review of a plan looks at more than technical details; it also reviews business and organizational processes, holes in policies and other aspects that impact a business.
A cyber incident response plan should include:
The person(s) responsible for the plan should understand cyber security and the severity of incidents, and know the best practices needed to respond effectively. Often a Chief Information Officer is appointed, but usually an organization’s cyber security or IT team lead will be responsible for responding to a breach.
As with any incident plan, roles and responsibilities should be clearly defined and communicated to all key stakeholders to ensure a timely response to control the impact of a breach. Escalation procedures – how to report and mitigate an incident once detected – can then be followed effectively, from a technical and communications perspective.
A clear crisis communications plan enables organizations to maintain their brand reputation by providing timely, accurate information to key stakeholders. It includes what audience the organization should be communicating with, from internal audiences such as the board of directors and employees to external stakeholders such as customers and regulatory authorities. The contact list should be updated on a regular basis and include key vendors, service providers, government agencies and legal contacts.
A thorough plan includes a post-incident process that will evaluate and implement lessons learned after an incident happens. These include:
A plan can look good on paper but fail on execution, endangering an organization’s brand and bottom line. By testing the incident response plan with a table-top exercise, an organization can uncover glitches ahead of time, saving data, money and clients’ goodwill.
A table-top exercise is a discussion-based rehearsal in which the entire response team – executives, management, the technology team and communications personnel – participates, based on scenarios that apply directly to the organization. The facilitator presents the information, asks the team to respond and evaluates how they move from identifying that there was an incident to the steps taken to contain and remediate it, the organization’s response and how they put together a communication strategy.
The team will be led through two or three scenarios, then the facilitator identifies holes in their knowledge of the existing plan, what’s in the plan and what needs to be in the plan. The exercise also looks at possible ways the incident happened and what damage it could do to the organization.
Each organization is unique, and understanding its business on a comprehensive level is essential to creating an effective response strategy. For the HR team, understanding the organization’s cyber incident response plan will help the organization make better informed decisions and act within the context most effective for it.
For more information contact Danny Timmins, National Cyber Security Leader, MNP at [email protected] or 905.607.9777.