CT · NY · NJ · Stamford HQ

Incident response (IR) is how you detect, contain, eradicate, and recover from security events. For SMBs, a short written plan beats a binder nobody can find during a crisis.

Minimum IR plan contents

  • Severity definitions (mailbox compromise vs full ransomware)
  • Internal owners and backups (who is on point if the owner is traveling)
  • External contacts: IT partner, cyber insurer, legal counsel, forensics if pre-arranged
  • First-hour checklist
  • Communication principles (staff, customers, regulators—via counsel)

First-hour themes

  1. Stabilize and contain without destroying evidence needlessly
  2. Preserve logs and snapshots when possible
  3. Reset access carefully (attackers often create backdoor accounts)
  4. Escalate to leadership and insurer when thresholds are met

Practice once a year with a 30-minute tabletop: “Finance got a wire change email—what do we do?”

Want this applied to your environment?

Book a free 15-minute review. For a structured baseline, ImpetraInsights™ delivers multi-framework scoring and an executive-ready report.