• Home
  • Why We Stage Security Incidents and Why It Matters for Your Business

Why We Stage Security Incidents and Why It Matters for Your Business

Grand Rapids IT Security Incidents
Post Date: November 10, 2025

Why We Stage Security Incidents and Why It Matters for Your Business

Every managed service provider prepares for the worst and hopes for the best.

It’s common for MSPs to have policies and procedures in place for various security incidents, but when an attacker strikes, how will your team act?

At Hungerford, we have quarterly tabletop exercise meetings designed to test our team’s knowledge of procedures and policies so we’re ready before disaster strikes. Additionally, it’s a good time to test whether those same procedures and policies are effective and to identify any necessary adjustments.

It’s not meant to shame or judge anyone on our team, but instead, we want to ensure everyone knows what to do in each given scenario and see if there are procedural gaps that need to be ironed out.

IT is a rapidly changing industry. Quick technological advances mean what we did six months ago may be obsolete. We continually strive to enhance our services and safeguard our clients by continually expanding our education.

So, let’s talk about how these tabletop exercises work and what value we gain from doing them.

How Does Tabletop Exercise Work?

One of our employees acts as the facilitator while three others (a member of the security team, support team and sales team) are the “players.”

The facilitator outlines the scenarios and asks the players what they would do in a given scenario.

You can think of the scenarios as a choose-your-own-adventure book. The decisions the players make will have consequences, and there will be unforeseen twists and turns they will have to react to in real time.

They’ll have to think on their feet and adapt as the scenario unfolds, just like a real-world security incident.

What are Some of the Scenarios?

During our most recent tabletop exercise, we covered two scenarios.

While not incredibly common, tabletop exercises are becoming a vital part of an MSP’s offerings. Writing down policies and procedures is a good start, but reenacting various scenarios gives our team real-world experience so they know how to respond to a real incident.

  • Suspicious login from Canada: An employee logged in to their Microsoft account from Canada. The employee was taking a vacation in Canada but has since returned to the United States. Is this a legitimate login attempt or a compromised account?
  • Client in limbo: A new client is onboarding with us, but its former MSP quit before we could officially take over. However, an employee needs access to their email. The go-live date with the new client isn’t until next week. How do we handle the employee’s request to get access to email before we’re formally in charge?

After each scenario has played out, a quick discussion allows the players to ask questions or suggest changes to policies or procedures. What went well? What didn’t?

What’s the Value in Doing Tabletop Exercises?

While not incredibly common, tabletop exercises are becoming a vital part of an MSP’s offerings. Writing down policies and procedures is a good start, but reenacting various scenarios gives our team real-world experience so they know how to respond to a real incident.

Here are the top four reasons why we implement tabletop exercises.

Improved incident response: Because we’re simulating real-world scenarios, not only do our individual team members get practice in their response, but our team can identify gaps or weaknesses in the plans. We want to improve the plan before a real incident occurs.

Enhanced preparedness and collaboration: Since we have players from multiple departments, these exercises help clarify roles and responsibilities. We work as a team to solve the issue as we investigate the problem and communicate updates with the client.

Increased confidence and awareness: You know what they say: Practice makes perfect. The more practice our team gets in handling security incidents, the better prepared they will be. Additionally, they’ll be more aware of different kinds of security incidents.

Continuous improvement: While we have policies and procedures in place, they can always be better. These exercises help us recognize those weaknesses and improve, enabling us to better serve our clients. Furthermore, technological advances often help us increase efficiency.

IT Services in West Michigan

An MSP that runs tabletop exercises will be more prepared for the next incident. Do you need an MSP that knows how to operate during a crisis?

Contact us to schedule a consultation. We’ll discuss how we can help keep your business running smoothly while increasing productivity, security and profitability.

Stay updated! Get tips and insights delivered to your inbox weekly by subscribing to our newsletter.

Get Support
Subscribe To Our Newsletter

Share this post

Related Posts

Detection and Response Grand Rapids IT Services
06Nov

Why Small Businesses Can’t Skip Detection and Response Anymore

Modern security isn’t just about preventing fires; it’s about knowing... read more

Configure Your Video Conferencing Setup with Cisco’s Workspace Designer
04Nov

Configure Your Video Conferencing Setup with Cisco’s Workspace Designer

When it comes to configuring a workspace that will host... read more

Security Culture Score Managed Service Provider West Michigan
29Oct

Why You Should Care About Your Organization’s Security Culture Score

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Traveling for Work? Here are the Best and Worst Ways to Connect
28Oct

Traveling for Work? Here are the Best and Worst Ways to Connect.

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Phishing Attacks Can Now Mimic Your Organization’s Login Page in Real Time
27Oct

Phishing Attacks Can Now Mimic Your Organization’s Login Page in Real Time

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Numbers Don’t Lie: Phishing Training Works
22Oct

Numbers Don’t Lie: Phishing Training Works

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

Ransomware Is Getting Smarter: How AI Is Changing the Threat Landscape
21Oct

Ransomware Is Getting Smarter: How AI Is Changing the Threat Landscape

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

BYOD for Smartphones: Balancing Security, Privacy and Cost
20Oct

BYOD for Smartphones: Balancing Security, Privacy and Cost

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

MDR for Business Grand Rapids IT
15Oct

Why MDR is the Security Team Your Organization Needs

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more

13Oct

The CIA of Data Security: What It Means and Why It Matters

Editor’s note: In recognition of National Cybersecurity Awareness Month this... read more