In addition to these important incident response concepts, your organization should also prepare for any specific technical response. In some cases a technical response can be managed by internal IT staff or system administrators. For example, if an email account appears to have been hacked, your account administrator should be prepared and able to shut down or disable the impacted account. Some technical incidents, however, might require expertise that you do not have within your organization. For situations like these, it is important to identify a trusted list of external technical experts who can assist you in your incident response. In some cases, you may want to pre-negotiate terms with service providers (such as your website host or an IT consultant) to ensure that they are available (and would not charge extra) for such technical incident response.
Last but certainly not least, you should consider legal steps. Understanding the legal protections you might have, as well as the legal obligations or consequences your organization might face as a result of a data breach or other security incident, is important. A first step can be to identify trusted legal counsel that understands your country or locality’s specific laws and regulations. Take time to review possible incidents with relevant legal counsel if necessary, and make a plan for what you would do in response. It is a good idea to make an agreement with this trusted counsel to represent you and your interests if needed in the aftermath of an incident. As part of this legal preparation, make sure that you understand the legal obligations of any vendors or partners. Are they required to notify you in the case of their own data breach? What support (if any) are they required to provide you in the case of an incident? As you develop contracts and agreements with external vendors, keep the possibility of a data breach or other incident in mind.
While there is no one-size fits all approach to incident response, having clear operational, communications, technical, and legal plans in place is essential. As you put together your incident response plan, we strongly encourage you to make use of some excellent existing resources, designed to help civil society organizations and other high-risk groups navigate incident response. These resources include the Digital First Aid Kit developed by RaReNet and CiviCERT, PEN America’s Online Harassment Field Manual, the Belfer Center’s Cybersecurity Campaign Playbook and Cyber Incident Communications Plan Template, and Access Now’s Digital Security Helpline.