Did You Know 2022

Did You Know That Having an Incident Response Plan Can Protect your Business?

Authored by David Carroll 

Welcome back. This week, we look at setting up incident response in your pharmacy. 

What is Incident Response?

Incident Response is the steps taken to address an incident. To understand Incident Response, you must know what an incident is and the difference between an event and an incident.

  • An Event is a change of state observable in a network, system, or application. An event can be a user accessing a file, a web server receiving a request for a web page, a user sending an e-mail, or a firewall blocking a connection.
  • An Incident is a change of state caused by an adverse event with negative consequences. An incident can be a system crash, a denial of service, unauthorised use of system privileges, or unauthorised access to sensitive data.

Why do you need an Incident response plan? 

All organisations should have an incident response plan.
Your actions in the first 24 hours after discovering a cyber incident or data breach are often crucial to the success of your response. A quick response can substantially decrease the impact on your business and on any affected patients.
An Incident Response plan can also help you:

Incidence 1

What Are the Recommended Steps for an Incident Response Plan?

Incidence 2

How Can I Get an Incident Response Plan? 

Corum Cyber Defence customers are provided with a cyber incident response policy and assistance when an event or incident needs investigation. If you are not yet a cyber defence customer, I recommend adopting one of these templates below and creating your incident response plan.

  • The Office of the Australian Information Commissioner has a downloadable “Data Breach Action Plan” that can serve as a simple start of a plan. You can access it here
  • The Australian Cyber Security Centre (ACSC) provides a word template you can use as a starting point. You can access it here. This template is potentially over complicated for a small business. I recommended removing sections you are not likely to use.
  • The Victorian Government provides a similar plan to the ACSC. You can access it here. 

What do I Do Once I Have a Plan?

In large organisations, it is best practice to make sure that the incident response process is known by all key staff and those that would be expected to help during a breach.
Once you have a plan, I recommend you get with your key staff, run through some scenarios, and make sure everyone understands their responsibilities. This can help you think through things you might need and take actions (Preparations – Step 1) to get ready to respond.
You should also ensure that the plan is printed out and placed in a spot in the pharmacy where you can grab it if an incident occurs. Keeping it on a computer just infected with ransomware is not good.
Last, ensure your key staff understand what they need to do if the incident occurs when you are not there. Do you want them to call you? Do you want them to call your IT provider? Discuss it with them at least once every few months so new staff are informed, and long-term staff are reminded.

If you are worried about the security of your pharmacy systems and want to know how you can implement strong security in your pharmacy and protect yourself from ransomware, speak to your Corum Customer Success Manager or contact us on 1300 669 865.