Benjamin Hosack

Incident Response and Fire Drills

How regularly does your business conduct fire drills?

Weekly, monthly, quarterly?

Fire drills are an accepted and necessary procedure to help organisations keep their people safe – accepted by the executive board as an intrusive but necessary part of running a successful, happy, safe business.



Fire can be devastating – it is potentially life-threatening and definitely disrupts business operations. While data theft cannot be put in the same “life-threatening” category as fire, it certainly can cause a huge disruption to the health of a business – ask the ex-CEO of Target, ask the executive team of Sony, Home Depot, Michaels, Neiman Marcus, Dairy Queen... and so the list goes on.


High-profile businesses, as well as small, large and any size of business in between, are getting hacked daily – at a recent industry dinner we made the point to the other guests that our forensic team has never been so busy helping victim organisations.

During this month of January 2015, we have managed over 75% of the number of forensic investigations on hacked businesses that we managed in the whole of 2012 – and 2012 was a busy year for us! That's a staggering thought – especially for us.

Thinking that it will not happen to your business is an easy mistake to make.

Savvy businesses are investing time and effort into testing their security systems and preparing for the worst-case scenario – a full data breach. If you haven’t formalised your Incident Response Plan, some of the questions you should ask your executive team are:

  • Who would form the core team to manage the incident?
  • Who in the executive team would have responsibility? Home Depot’s situation was managed by their CEO. Would your CEO have the time, ability and knowledge to handle the situation?
  • Do you have a specialist, experienced PR firm to support you – an organisation that understands payments, data compromise and the implications of the situation for your business?
  • Do you have a lawyer who understands your business and your potential liabilities, and who is able to defend you? Quickly?
  • Do you have a forensic team that you know, trust and can rely on? A team that you have vetted? 

Incident Response should be managed in much the same way as fire drills – you need to practise regularly so that your business has an automatic plan that kicks into action as soon as you have a problem.

For more information on Incident Response Planning, you can download our free guide below:

Click here to download our Incident Response Planning Guide



 


 

Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
