edition e1.0.0
Updated October 9, 2023
Sometimes things go wrong, and you will need help. The thing you can do now to help future you is to make a contact list of everyone you would need to reach. To get started, create a very simple spreadsheet or document (stored in a central place, like a shared drive) and list out all the key roles and the people who fill them (including outside providers, if a role is outsourced to someone else). This may include:
email administrators
website and domain administrators
your country’s Computer Emergency Response Team (CERT), for example the US Cybersecurity and Infrastructure Security Agency (CISA)
local police, or a specific team within your police department that deals with cybercrime or computer crimes
lawyers
insurance companies (if covered for technical or cybersecurity coverage).
When calling groups like CERT or police, every country is different. There might be different groups involved to help with security incidents, or the jurisdictions might be different if there are local or national groups involved. If you are unsure, start with local police and ask where you can go for help. It might not be them, but they might be able to refer you to specific national groups or other specialized groups who can assist. If you reach roadblocks with your local police, try finding your country’s CERT organization. Some of the larger ones, like CISA, might be slow to respond, though, so don’t rely on them for immediate support.
The last group you want to add to that list is a local IT support group. If you already have a managed service provider who handles your email, website, and domain administration, they might be able to fill this role for you. If not, you will want to find a group that can:
provide immediate support during a time-sensitive incident
help with restoring any devices or systems from backups
reset access to accounts or systems to kick an attacker out
help with taking copies of evidence that could be used to support any reports you open with police or CERT groups.
It is best to find this group now, rather than later when you are going through an incident. This way you can agree terms and rates up front, and you can skip that usual first step of getting to know each other and get straight to problem solving when the time comes.
You will need to set some lightweight processes for how you manage people inside the business as well as those outside the business. This includes people who are hired, as contractors or permanently, as well as those who leave.
Managing new starters is easier than managing leavers. You want to start small on access, and add over time. If you run into problems where they don’t have enough, it is less risky to open access up than to try to claw it back when you notice them (accidentally or intentionally) misusing this access.
Leavers are a bit harder, and it helps to have the process clear beforehand. The best tool at your disposal here is a quick onboarding and offboarding checklist. You can store it anywhere, whether in a task management tool or in a document stored on your computer. So long as it is easy for you to pick up, copy for a specific person, and save for your records, it should work fine.