UNIVERSITY OF WISCONSIN River Falls

Information Security

Have a Plan

October 20, 2021

The National Institute of Standards and Technology (NIST) has a standard for responding to any incident. It consists of five steps: preparation, detection and analysis, containment, eradication and recovery, and post-incident activity. This is the basis for the UW-System Incident Response Policy. While this works for large systems, I find it easier to simplify this for personal use. There are two things to consider: planning and action. Today, I’ll focus on planning.

Here are a few things to consider as you build a personal plan:

  • Keep a list of key contacts outside of your technology. We all rely on our contacts to communicate. What would happen if you did not have access? Do you even know your family’s phone numbers?
  • Save a printed copy of a recent credit report. This contains all the accounts you have along with contact information.
  • Keep key usernames and passwords written down and stored in a secure place. I am a big fan of password managers, but what happens if you lose access? Can you get into key accounts? Keeping a list of backup codes for sites using multifactor authentication is also a good idea.
  • Have a list of phone numbers for your bank and key contacts. Think of this as your emergency contact list. Keep it short and keep it handy.

It is also a good idea to test your plan. One common technique used by security professionals is a tabletop exercise. This can be as simple as sitting down with your close family and talking through what you would do in the case of an incident. What would you do if you ran over your cell phone, had your wallet stolen, had your Google account hacked, noticed fraudulent activity on your bank statement, or lost your home due to a natural disaster? Will you have the information you need available?

As we move more of our lives online, these are important things to consider.