Where do you keep that Incident Response Plan? (Ransomware Mini-series Part 8)

Throughout this ransomware mini-series and the other articles I write, I refer to important documents you should have: a Cyber Security Master Document, an Incident Response Plan, a Business Continuity Plan, etc. Once you have created these documents you need to keep them somewhere, and that is something you need to think about carefully.

Before we start – let’s all agree that the three documents I have listed above will all contain information of a sensitive nature; they are all marked “Top Secret”!

The Incident Response Plan

As an example, we will look at what you need to think about when storing your incident response plan and suggest some ways it can be stored securely – although similar arguments can be used for any of these documents or any other confidential document your company uses.

Thoughts on Your Incident Response Plan

So what are the issues when it comes to storing your incident response plan?

  • It needs to be readily available to everyone who needs it – or it will be useless.
  • Access to the document needs to be controlled and monitored.
  • If unauthorised users get access to it – it still needs to be secure.

Let’s address point three first.

Encrypt your incident response plan

It is probable you have produced these documents using Word and Excel (and in our case OneNote as well), all of which can be encrypted easily with a password. Only give the password to those who really need it – team leaders for instance – and then train them to distribute the sections of the plan to their teams as needed. You can control role-based access by having different levels of documentation with different passwords.

It goes without saying that only those you completely trust should know the most secure of these passwords.

On to points one and two…

SharePoint

The primary location for storing the document should be SharePoint, or whatever equivalent you use. Here you can control and monitor access to the documentation and it is easily available to those who need access.

This works for maintaining these documents and when you are “role playing” or training with them. However, will SharePoint still be available to you and your incident response team during an incident? You need a Plan B.

Plan B

Save the incident response plan on a suitable portable storage device, such as:

  • Your smartphone – I use FE Explorer on my iPhone to store encrypted Word and Excel files.
  • A USB drive with encryption. We recommend SanDisk iXpand Flash Drive Go devices as they can be accessed from tablets including iOS devices.

This part of your cyber security planning needs careful management, to control and maintain these assets and documents.
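One way to manage those portable copies is to check, before a device goes back in the drawer, that every Word and Excel file on it really is password-encrypted. The Python sketch below is an added example, not part of the original article: it relies on the fact that an unencrypted .docx/.xlsx is a ZIP archive, while a password-encrypted one is an OLE compound file holding an "EncryptedPackage" stream. The file names and sample bytes are constructed, and OneNote sections are not covered.

```python
import hashlib
import tempfile
from pathlib import Path

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # OLE compound file header
ZIP_MAGIC = b"PK\x03\x04"                            # plain (unencrypted) OOXML
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name in an encrypted file
OOXML_EXT = {".docx", ".xlsx", ".pptx"}

def classify(path):
    """Return 'encrypted', 'plaintext' or 'unknown' for one Office file."""
    data = Path(path).read_bytes()
    if data.startswith(ZIP_MAGIC):
        return "plaintext"      # opens without a password
    if data.startswith(CFB_MAGIC) and ENC_STREAM in data:
        return "encrypted"
    return "unknown"            # legacy format, truncated copy, or not Office

def audit(folder):
    """Map each Office document under folder to (status, sha256)."""
    report = {}
    for p in sorted(Path(folder).rglob("*")):
        if p.is_file() and p.suffix.lower() in OOXML_EXT:
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            report[p.name] = (classify(p), digest)
    return report

def demo():
    """Build two constructed stand-in files and audit them."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample bytes, not real documents.
        (Path(d) / "irp-team-leads.docx").write_bytes(
            CFB_MAGIC + b"\x00" * 504 + ENC_STREAM)
        (Path(d) / "irp-contacts.xlsx").write_bytes(
            ZIP_MAGIC + b"[Content_Types].xml")
        return audit(d)

if __name__ == "__main__":
    for name, (status, digest) in demo().items():
        print(f"{status:10} {digest[:16]}  {name}")
```

Point `audit()` at the mounted USB drive or phone export folder; anything not reported as "encrypted" should be fixed before the device is stored, and the SHA-256 values can be compared with those of the files you copied from the master location to confirm the portable copy is current.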

Plan C

Print the documents out and keep them in a secure location offsite. We have a client that keeps their plan at their solicitors, with electronic copies on an encrypted USB device.

The final words…

This is not a complete guide – it is meant to get you thinking. Between your team, your cyber security experts and your operational requirements you need a document storage plan that will meet your needs.

Clive Catton MSc (Cyber Security) – by-line and other articles


Further Reading

Here is what I have to say about paper security:

Where are the boundaries for your cyber security?

And USB storage devices:

If you must use portable USB drives, then you must read this…

Ransomware Mini-Series (2023)

This is part 8 of my ransomware mini-series. Here are the other parts if you missed them:

Ransomware: Is it a Threat? (Part 1)

A Bag of Spanners – Planning and Preparation (Part 2)

Minimise the Damage – Planning and Preparation (Part 3)

Detecting Ransomware (Part 4)

Ransomware – What Not To Do! (Part 5)

Ransomware – The Impact (Part 6)

You and a ransomware resilient back-up (Part 7)
