Even if you think you are immune to a cyber attack these ideas are critical to restricting the impact.
I want to talk about some of the problems we have encountered when being called into a cyber event situation for a new client.
Have you looked at all of our business risks?
Risk is the biggest invisible issue in today’s business world.
Most Organisation does not know how to evaluate the risks that their digital component brings to the Organisation because they cannot visualize the risk.
Only by looking at the digital risks will it become apparent that more is needed to be done.
Get some good legal advice!
We regularly come across businesses that do not know what their legal obligations are when it comes to protecting data that they are the custodian of.
If your Organisation collects information about a person or a business you are now the custodian of that data. The legal implication of being the custodian need to be understood before you make the decisions concerning the information or type of information collected.
Always err on the side of less. If you cannot justify it do not collect it.
Check your response plan!
When it comes to SME’s, they think they are Bulletproof.
It will never happen to us, we are too small, yadda yadda!
Well, NO. A cyber event can happen anytime and to anything digital. When it comes to a true cyber attack you need to have a breach plan.
A plan that tells everyone in your Organisation what you expect them to do, how they will do it, who they report to and the process needed to preserve evidence and get back to business as normal. Without it, chickens missing heads, running, lots of running, come to mind!
Test your systems with a tabletop war game.
This is absolutely essential to any Organisation with more than 5 staff.
Run some hypothetical scenarios. Think of a problem and make sure that everyone knows what to do if it ever occurred. Especially test disaster recovery, business continuity and breach plans.
After testing the system do both a hot wash up (debrief) and a report.
Implement any discovered failures. Things that could be done better. Things that were done badly.
You do not want a real emergency to be the first test of these plans.
Test some “what if …” plans.
Another alternative is to come up with some unusual issues.
A fire in the building that does not impact your business but your business is in the same location and your staff can no longer get to the office, showroom, shop for a week.
What is the impact? What is your solution?
Tested our backup, we have.
We have a rule. When it comes to backups we have the 3-2-1 rule.
There are 3 copies of all data. The original data plus 2 other copies. Those 2 copies consist of an on-site incremental data copy and an off-site copy. There is always 1 copy of the data stored off-site.
Once again a backup is useless unless it has been tested. A regular restore copy of a couple of files should be documented every month. A full-blown restore of the system should be done every year from both locations.
Who do we have to report to?
When it comes to a breach there also needs to be a reporting structure. Part of your business continuity plan should be a list of people who are allowed to talk to the media, post on social media, talk to vendors or talk internally and to who.
Reputation always impacts needs to be controlled as much as possible in today’s live world. The policies, plans, and tests will ensure that everyone knows what they need to do.
Does anyone know how to preserve evidence?
If you are knee-deep in a cyber event the last thing that anyone is going to think about is the preservation of evidence.
Once again if the breach plan has been tested then you will know what has to be done. If would be cold comfort to know that someone who has ruined you life will not face the consequences because there is no evidence against them.
Preservation of digital evidence can also include the information and machine learning that comes from your System Information and Event Management system (SIEM).
Train everyone, security should be part of everyone’s role in the organisation.
Social engineering is the process of targeting people.
It is used to great effect against everyone in business. Social engineering is a 2 fold process – the bait, the email SPAM, phishing and the bad technology – link, application or attachment.
Combined together they are an effective attack system for the bad guys.
To counteract the social engineering you need to educate everyone. There are free online courses but additional resources can include competitions, posters.
Get a framework and implement it.
One of the best protective strategies any business can implement is a framework. I recommend the National Institute of Standards and Technology (NIST) Cybersecurity framework.
By answering the 98 questions, you get an instant base level indication of where your Organisation is in regards to the security maturity.
A framework does a number of things. It gives you a base level, it gives you a score between 0 and 4, it ensures that you do not forget anything and gives you a road map for business security within your Organisation.
As a flow-on effect, it gives you a score that you can compare apples with apples (security maturity with security maturity) against other Organisations. When it comes to data sharing you can make informed decisions on how secure the other Organisation will be in regards to data protection.
You have done a vulnerability assessment
Every device that is connected to a network has the capability of compromising the whole network. The first law of Cybersecurity is “if there is a vulnerability it will be discovered and it will be exploited – no exceptions”.
To ensure that those vulnerabilities are addressed you need to do regular vulnerability scans on the network.
This can be achieved with expensive or free systems. Either type it is important that vulnerability scans are completed and mitigated and vulnerabilities are patched and managed correctly.
Cybersecurity is not easy!
There’s no such thing as set and forget when it comes to protecting your Organisation from a cyber event.
It is a diligent and continuous process that needs to be done correctly to protect the integrity of the data within your custodianship.
Keep it safe, protect it, monitor it and ensure that if something does happen you have a way back to business as normal.