
Your Incident Response Plan depends on Talent Acquisition

If you are a Havoc Shield client, we hope you've rolled out an Incident Response Plan in the Policy Manager section of the platform.   Whether you accept our battle-tested templates outright, or you choose to make some surgical modifications, it's important to get the plan into the hands of those who will participate in it.  You know the drill: planning for the worst, hoping for the best, as they say.  If you aren't a Havoc Shield client, we hope you've rolled out a similarly battle-tested plan.

With your plan in the hands of your team members, now is also a good time to talk about the hidden connection between Incident Response Plans and Talent Acquisition, especially if you are at the type of company that we typically serve: angel-backed, venture-backed, and growth companies.

Average Job Tenure at Growing Companies

What's the average tenure of employees at your growth company?  That's a trick question, if it wasn't obvious.

Yes, you can use your HR software to export the start dates of all employees and mathematically calculate the average tenure.  Ba da bing.  But, in a rapidly-growing company, each year there is more that changes than stays the same, and it's anyone's guess what the team looks like 12 months or 18 months down the road.  People will come and go, including (sorry to be the bearer of bad news) some of the senior people that have the most critical hand in guiding the company through any information security incidents that might occur.  Yes, the people named in your Incident Response Plan are susceptible to churn -- as their interests and needs evolve, and the company's strategy and needs evolve.

So, it's time to get strategic about the fact that your Incident Response Plan and your Talent Acquisition efforts are intertwined.

Talent Acquisition, Coverage, and Succession Planning

When you review your Incident Response Plan and consider changes, one of the most important actions that you can take is to ensure that every person named as a coordinator in the plan also has an understudy.  If your VP of Client Success is responsible for client communications in the case of an incident that impacts clients, work with the VP of Client Success to identify the second-best person to carry on those responsibilities and ensure that the backup coordinator has seen and understands the plan.  This approach helps to bolster your organization's incident response readiness in any/all of the following situations:

  • Unexpected resignation of a key employee
  • Unexpected termination of a key employee
  • Short-term unavailability of an employee (e.g., medical leave)
  • Gap where a key role is unfilled due to departure of the prior employee, and incomplete recruiting of the replacement

In short, whatever happens in terms of employee arrivals, departures, leaves, etc., you put yourself in a strong position when you take a diligent approach towards identifying an "alternate" for every coordinator named in the plan.

Incident Response Plan: Wrapping Up

Your company's incident response plan is likely to sit mostly idle for months or years.  Your occasional updates will tend to be incremental, often focused on adding/editing/revising the incident coordinators that take responsibility related to a particular function area.  However, the day that an incident occurs, you'll be very glad that you started with a battle-tested template and that you've kept it up-to-date -- and that you've prepared alternate coordinators in each function area in case one or more primary coordinators are unavailable.  The interplay between your infosec plans and talent acquisition is a big part of what sets you up for success to smoothly pull together as a team in the face of a concerning and urgent information security incident.

