Tip 6: A plan for when it all goes wrong

🛡️
This post is one in a collection of tips to help you protect yourself, your business, or your organisation online. The series was published from 23rd June 2025 over two weeks and you can view other posts in the series here.

Sometimes, things go wrong - be that a flat tyre when you have an important meeting to get to or a cyber security incident. Having an incident response plan for your business, along with business continuity and disaster recovery plans, will help your organisation recover as quickly as possible.

Your plan doesn't need to be complicated. In fact, the simpler your plan is, the more easily you'll be able to follow it in times of stress (like when your business is mid-incident). Your incident response plan should cover how you will identify the problem, how you will contain the incident, and how you'll communicate with affected staff and customers. If your organisation needs it, your plan should describe incident severities and what levels of seniority will be involved (e.g. for the most severe incident you may include the CEO early, whereas for a stolen laptop you'd possibly stop at the head of IT).

Complementing your incident response plan should be a business continuity plan (BCP) that explains how the business will continue to operate during the incident. A disaster recovery plan (DRP) is a document that defines the actions the organisation will take to get back to normal working.

Across these three documents, you should consider:

⚠️ How colleagues can report incidents (or suspected incidents) to the relevant team.

🏢 What to do if access to your offices is cut off.

🙋‍♀️🙋 Where and how your teams will work during the incident.

🔊 How you'll communicate with everyone.

🕰️ How often updates will be made (to your own people, your customers, investors, the press).

🚔 When and how law enforcement and any regulatory bodies will be informed.

📦 How you would contain the incident, to stop things getting worse.

📝 How you will record decisions and timelines, and how evidence will be preserved.

Testing your plans

Once you've got your plans, it is worth testing them with a mocked-up scenario. Your goal is to identify any problems during this testing, and then fix them, so that in the event of a major problem your teams know what to do. For a small organisation, this might be a simple case of working from somewhere else and hot-spotting / tethering to a mobile phone. Larger organisations may have more in-depth scenarios with multiple people doing different roles.

Remember to test your plans regularly: at least once a year, but preferably more often, to ensure everyone is confident they can react well should the need arise.

I've written about the benefits of testing your plans before in my series on wargaming (2021). I also made a post about testing your business continuity plan (2019).


Banner image: Generated by Google Gemini from the prompt "Generate a new banner image. There should be a dark background with a network of nodes overlaid. A shield and a padlock should be on the right, on top of the nodes. On the left should be the text "Security tips for your organisation". That exact text should be used. Make the network nodes have a green and blue gradient."

This post was also shared via LinkedIn as a post from my company, Jonco IT & Security Ltd.