3 Free Steps to Prepare for Your Next Security Incident
RunReveal CEO Evan Johnson walks through key core steps to avoid chaos and prepare for security incidents.
Security incidents are stressful enough without adding the chaos of working with people you've never collaborated with before. The good news? The most important preparation you can do costs absolutely nothing.
Here are three essential steps every security team should take before an incident occurs.
1. Build Relationships Before You Need Them
The worst time to meet your legal team, communications team, and executive stakeholders is during an active security incident. You need to develop these relationships now, while things are calm. Get to know the people who will be in the room with you when something goes wrong. Understanding how each other works and communicates will make a huge difference when you're dealing with ambiguity and stress.
2. Create Your Incident Response Plan
You don't need an elaborate 100-page document, but you do need clarity on:
- Who will be involved and what their roles are
- Your org chart and who handles what types of issues
- How you'll communicate updates to internal and external stakeholders
- What channels you'll use to keep everyone informed
Having this mental model in place means you won't be figuring out basic logistics while trying to contain a breach.
3. Establish a Shared Philosophy on Transparency
This is the step most teams skip, and it's the one that can make or break your incident response. Security practitioners typically want to resolve the issue, communicate what happened, and move on. But other stakeholders (legal, executives, communications) may have different instincts about disclosure.
The time to hash out these philosophical differences is not during an active incident. Have the conversation now: How transparent will you be? Will you disclose publicly? What's your timeline for breach notifications?
Maximum transparency has consistently proven to be the best approach. Companies that openly communicate about security incidents tend to maintain customer trust far better than those that try to minimize or hide issues.
Don't Wait for an Incident to Start Planning
Whether your incident lasts hours or months, you need a framework for managing progress. Will you meet daily? Multiple times a day? Who makes decisions? Who communicates with customers?
Answer these questions now, build those relationships, and establish your philosophy. When—not if—an incident occurs, you'll be ready to focus on what matters: resolving the issue and protecting your customers.