No business is immune to cyber incidents. Whether it's a phishing attack, ransomware, a data breach, or an insider threat, how you respond in the first hours determines the outcome.
What Is an Incident Response Plan?
An incident response plan is a documented set of procedures to detect, contain, and recover from cybersecurity incidents. It ensures your team knows exactly what to do when something goes wrong — no panic, no guesswork.
The 6-Step Incident Response Framework
1. Preparation
Before an incident happens:
- Document your response plan
- Assign roles (who does what)
- Keep contact lists updated (IT provider, legal, insurance)
- Run tabletop exercises to practice
- Ensure backups are tested and accessible
2. Detection
How do you know you've been hit? Common indicators:
- Unusual system behaviour
- Ransom notes or pop-ups
- Employees reporting strange emails
- Antivirus or EDR alerts
- Unexplained data transfers
3. Containment
Stop the incident from spreading:
- Isolate affected systems (pull the network cable)
- Disable compromised accounts
- Block malicious IP addresses
- Preserve evidence (don't turn off systems — disconnect them)
4. Eradication
Remove the threat:
- Identify the root cause
- Remove malware or backdoors
- Patch vulnerabilities
- Reset all affected passwords
5. Recovery
Get back to business:
- Restore from clean backups
- Verify systems are clean before reconnecting
- Monitor closely for signs of reinfection
- Communicate with affected parties
6. Lessons Learned
After the dust settles:
- Document what happened and how you responded
- Identify what went well and what didn't
- Update your plan based on learnings
- Train staff on new threats
POPIA Breach Notification
Under POPIA, you must notify the Information Regulator within 72 hours of becoming aware of a data breach that poses a risk to data subjects. Your incident response plan should include:
- Who notifies the Regulator
- What information to provide
- How to communicate with affected individuals
Need help building an incident response plan for your business? CT Bedfordview can guide you through the process and help you prepare. Get in touch.