Defend your organization from business scams

Incident response and corporate policies

Effective incident response and clear security policies are the foundation of organizational resilience. Well-documented procedures, regular training, and practiced response capabilities determine whether incidents are minor disruptions or catastrophic failures.

Incident Response Framework

NIST Incident Response Lifecycle:

1. Preparation:

  • Incident response plan documented
  • Team roles and responsibilities defined
  • Tools and access pre-configured
  • Contact lists maintained
  • Regular training and drills

2. Detection and Analysis:

  • Monitoring and alerting systems
  • Threat intelligence integration
  • Triage and prioritization
  • Initial scope determination
  • Evidence collection begins

3. Containment:

  • Short-term containment (isolate affected systems)
  • Long-term containment (temporary fixes)
  • Prevent spread to other systems
  • Maintain business operations where possible

4. Eradication:

  • Remove threat from environment
  • Patch vulnerabilities
  • Reset compromised credentials
  • Rebuild compromised systems

5. Recovery:

  • Restore systems to production
  • Monitor for recurrence
  • Validate that fixes are effective
  • Return to normal operations

6. Post-Incident Activity:

  • Lessons learned review
  • Documentation updates
  • Process improvements
  • Communication to stakeholders

Essential Security Policies

Acceptable Use Policy:

  • What employees can/cannot do with company resources
  • Personal use guidelines
  • Prohibited activities
  • Monitoring and enforcement

Email Security Policy:

  • How to handle suspicious emails
  • Attachment restrictions
  • External email identification
  • Reporting procedures

Wire Transfer/Payment Policy:

  • Verification requirements
  • Approval thresholds
  • Dual approval procedures
  • No exceptions clause

Remote Access Policy:

  • VPN requirements
  • Device security standards
  • Acceptable locations
  • MFA requirements

Password Policy:

  • Complexity requirements
  • Rotation frequency (or not, if using password manager + MFA)
  • Password manager usage
  • MFA requirements

Vendor Management Policy:

  • Security assessment requirements
  • Access controls
  • Monitoring requirements
  • Termination procedures

Incident Reporting Policy:

  • What constitutes an incident
  • Who to contact
  • Timeline for reporting
  • No-blame reporting culture

Documentation Requirements

Incident response procedures:

  • Step-by-step playbooks
  • Contact information
  • Escalation paths
  • Communication templates

Security procedures:

  • Wire transfer verification steps
  • Vendor onboarding process
  • Access request procedures
  • Password reset process

Training materials:

  • New hire security training
  • Role-specific training
  • Refresher training content
  • Simulated attack exercises

Audit and compliance:

  • Control documentation
  • Evidence of compliance
  • Exception tracking
  • Remediation plans

Training and Awareness

Initial training (onboarding):

  • Overview of threats
  • Company policies and procedures
  • How to report incidents
  • Individual responsibilities

Role-specific training:

  • Finance: BEC, wire fraud, invoice fraud
  • HR: Payroll diversion, credential theft
  • IT: Technical threats, system security
  • Executives: Whaling, deepfakes, CEO fraud
  • All: Phishing, social engineering

Ongoing training:

  • Quarterly security awareness
  • Simulated phishing campaigns
  • Tabletop exercises
  • Lessons from real incidents

Measurement:

  • Phishing simulation click rates
  • Time to report suspicious emails
  • Policy compliance rates
  • Training completion rates
  • Incident response time

Communication Plans

Internal communication:

  • Who needs to know what and when
  • Communication channels
  • Update frequency
  • All-clear notification

External communication:

  • Customer notification triggers
  • Regulatory reporting requirements
  • Law enforcement coordination
  • Public relations strategy

Executive reporting:

  • Incident severity levels
  • Escalation criteria
  • Board notification requirements
  • Regular security updates

Key Takeaways

  • NIST framework provides structured incident response
  • Documented policies establish clear expectations
  • Regular training reduces successful attacks by 86%
  • Practice scenarios through tabletop exercises
  • Communication plans prevent chaos during incidents
  • Continuous improvement from lessons learned
  • Leadership support essential for compliance

Author: How To Use Internet
Last updated: 11/30/2025