Understanding the Incident Response phases is very important. Having an incident response plan will help everyone involved perform correctly and within the law during an event.
Depending on the incident and the severity, you could be breaking the law if remediating .
Did you know that if you received a Ransomware notice on your machine and shut it down, you may have just destroyed evidence? Depending on the severity of the attack and if there were exfiltration of data, there may be consequences.
IT Consultants should be very aware of this fact and even more so with Ransomware. If the IT consultant's Client calls the IT Consultant to restore the firm's information as fast as possible, your client’s insurance company may sue the IT Consultant for destroying evidence. Depending on the severity of the exfiltration, the IT consultant's next problem is the state penalties.
Therefore, it is so important to have these discussion.
Any firm that has sensitive information should have an Incident Response Plan. If you use an IT consultant for your IT Services, the IT consultant should have an Incident Response Plan for you, the client, and themselves.