Hands down,
the worst time to create an incident response program is when you are actually
having an incident. You can’t undo what has happened and you’re in crisis mode
dealing with the after effects of the breach.
Not the time
to be putting policy to paper.
Your
reputation is severely at risk, and if you respond inadequately you risk making
it worse with law enforcement as well as your customers. Act as if a breach is
inevitable and take the time to develop the language and procedures you will
use in the event of an incident to ensure you’re prepared when the time comes.
No comments:
Post a Comment