top of page

Why does it always happen to HR on a Friday!

Well, it doesn’t, it can happen at any time but let’s take the Friday afternoon example.


Friday afternoon. Work slowing down, anticipation of a relaxing weekend ahead. In fact, you have tickets booked to see your favourite show.

Come on 5 o’clock, well maybe 4 o’clock, it is a Friday after all.

Man in suit, sitting in chair relaxing overlooking scenic view

But then…

Image of computer screen showing ransomware message



What do I do now?

Pull out the incident response plan.

What’s that? You haven’t got one? Oh.

What’s an incident response plan?

A procedure to follow in the event of a cyber incident so everyone knows what to do and who is responsible for doing what. Having a plan in place can help respond to incidents effectively and enable a calmer response.

What’s a cyber incident?

Image of crime scene tape with someone in white paper suit and blue latex gloves holding the tape

The National Cyber Security Centre (NCSC) defines a cyber incident as:

  • A breach of a computer system’s security policy to affect its integrity or availability.

  • The unauthorised access or attempted access to a computer system.

So, in layman’s terms, a cyber criminals is trying or has succeeded in breaching your systems and stealing or encrypting or infecting your data.

Do I really need one?


If your computer systems went down, how would you contact your staff?

Would you pay a ransom if you were infected with ransomware?

What contact number do you need for your IT; is the number you need on the system that you can’t access?

Creating an incident plan is a little like have a fire escape route and assembly point planned out. It makes you consider the actions that you will take in the event the worst happens, and by having an answer to the questions already, means you have one less thing to worry about when potentially you have a serious incident on your hands.

How do you start creating a plan, it seems like a lot of work!

As a starting point we have created a template for you to start building your plan from. You can download it here.

The template contains flowcharts and checklists as well as posters so that your team can see what actions they need to take should they be the first aware of a problem.

Image of title page of the incident response plan template

What else should you do?

Like running fire alarm drills, you should also practice your incident response plan and make sure that it is as good as possible before you need it. You want to be able to sleep through a storm and not worry that your roof is going to be blown off.

We can help you to do this by running business continuity exercises. We use elements of the international business continuity management systems standard ‘ISO/IEC 22301:2019’ as a model to review your continuity planning and includes aspects such as internal and external (customer and public) communications, recovery objectives (tolerable downtime, tolerable service loss), disaster recovery and recovery testing and exercises.

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.

You can contact the Cyber Resilience Centre for guidance and support through our e-mail or use our online booking system to make an appointment with one of our team.

We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Policing led - business focussed


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page