The ConnectWise Incident Response Guide
A new survey of 2,400 IT and security professionals conducted by The Ponemon Institute on behalf of IBM finds 66 percent of respondents say their organization is not prepared to recover from cyber attacks. A growing trend is to let MSPs handle cyber attacks and other critical incidents. Those with experience have an incident response plan in place to cope with any disruption to their business.
As an MSP do you have an Incident Response Plan in place?
The goal of this blog is to bring forth some ideas on perfecting your incident response plan through ConnectWise and critical alerting.
PRE-INCIDENT PREP WORK
SETTING UP ALERTS
The beginning of an incident is perhaps the point where you have the most control. Most systems that are under your care will send off an alarm if something is not right. Most of these notifications are in the form of email. Emails, however, are not effective as most inboxes bury important alert. Emails tend to be easily ignored because they don’t come with a blaring audible alarm that draws your attention. Any system that sends off an email notification should be integrated with a monitoring tool or an alerting app that can be accessed using any smartphone, anywhere.
BE SMART – USE A SMARTPHONE
Smartphones are a miracle to those who work with random things that go bump in the night. The alternative is the antiquated pager. Pagers are unable to continue alerting until the messages are read. Smartphones, on the other hand, are readily available. Let’s face it, who today doesn’t have a smartphone? Furthermore, they can host apps that act like pagers.
While there are a lot of pager apps out there the key is to get one that continues to broadcast the alert until it is read so that a response is ensured. Moreover, if the recipient of the smartphone message is unavailable when the page is originally sent, smartphone applications can ensure that the notification continues until read. This is not the case with pagers which are often missed if the intended recipient is unavailable or out of range.
CATALOG AND MAP EVERYTHING
The first thing you need to do is inventory your prospect’s business processes. Ask your prospect to describe the company’s overall business model. Then assess the contribution of each IT application to the model. This will tell you what kind of protection you need to provide and expose any related applications that will need to be protected in kind.
To protect your prospective customer’s business, it’s vital that you take a high-level, business view of these operations.
A seasoned MSP draws a lot of information on how to deal with incidents from past experiences. In order to have a catalog of all your clients past incidents, you need to document them. They best way to do this is by using a ticketing system like ConnectWise that tracks the progress of the incident and everything that happens to it until it’s resolved. No Incident response plan is complete without clear documentation of the policies and procedures—and personnel (including you) -- charged with carrying them out. It’s crucial to get customer buy-in during this phase, including provisions you’ll include for testing in the near term and auditing at regular intervals.
To read more download the white paper