Going back to the Gramm-Leach-Billey Act of 1999, FDIC requirements for safeguarding customers’ personal information have also included regulations for banks to have a procedure in place for responding to security breaches, commonly known as an Incident Response Plan (IRP). In recent years, digital attacks have not only become the most common security threats, they are becoming more prevalent and widely publicized.
As these cybercrime threats – especially ransomware – increase in number and reach, consider updating your institution’s IRP. While the FDIC hasn’t updated the minimum requirements for IRPs since 2005, BankNews.com offers tips for other must-have components of your next IRP. Following is a brief overview of these suggestions:
- Summary – outlining the remainder of the plan to ensure that readers have a good understanding, whether or not they fully read the remainder of the document;
- Preparations – identifying the response team, your institution’s IT inventory, and law enforcement contacts;
- Identification – defining what constitutes a data breach and noting risk triggers that should send the plan into action;
- Containment – mitigating the threat or risk once your IRP has been set in motion;
- Eradication – removing threat itself;
- Communications – reaching out to management, law enforcement, media, and the public;
- Recovery – evaluating the aftermath of the attack and noting changes that need to be made, both immediately and long-term;
- Lessons Learned – assessing both your information security and how well your IRP worked.
Like medical and disaster procedures, your institution’s IRP is only as good as your preparation. Don’t let the first real threat following a new plan act as the experiment for whether your plan will be successful. Testing your IRP and ensuring the response team’s preparedness for a real attack will help you identify any potential kinks in a new plan before it’s too late.
For detailed information about these components, read the full article.
Additional Source: FDIC