Week 3 of National Cybersecurity Awareness Month is all about protecting your place of work from cyber threats. In addition to identify what assets you need to protect, consider the following key considerations:
Protect your assets: Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.
Use employee training to communicate the message and gain employee buy-in. Don’t make this a one time event, have recurring training throughout the year to maintain a culture of cybersecurity awareness.
Be able to detect incidents: We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the more quickly you know about an incident, the more quickly you can mitigate the impact and get back to normal operations.
While everyone has a firewall and anti-virus software, who is monitoring it? Just the basics are not enough. You should have intrusion detection and prevention and other security technologies in place that are designed to look for patterns that are not normal. The tools alone are not enough, you need to have a qualified cybersecurity professional reviewing this information in real-time to catch potential risk.
Have a plan for responding: Having a recovery plan created before an attack occurs is critical. Make and practice an incident response plan to contain an attack or incident and maintain business operations in the short term.
You never want to put your head in the sand if you think you are the victim of a cybersecurity event. You need ot have a plan to rapidly response and protect your business. This includes internal communication and external communication as well. Be sure you have a message that will contain the fallout and not risk damage to your business reputation.
Quickly recover normal operations: The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. Like the response step, recovery requires planning. Recovery is not just about fixing the causes and preventing the recurrence of a single incident. It’s about building out your cybersecurity posture across the whole organization (not just the IT person or group), including increasing the focus on planning for potential future events.
Be sure the technology is in place to recover quickly and maintain business operations. This may mean having to operate in a somewhat reduced state while the full impact is assessed. You need to be sure you have reliable backups of your systems and the ability to bring them online in locations other than your offices, should the event warrant that. be sure you understand the concepts of RPO and RTO, Recovery Point Objective and Recovery Time Objective respectively. You may have a Disaster Recovery (DR) Plan that addresses this, but do you also have a Business Continuity Plan (BCP) to account for ongoing operations? You should.
Here are some helpful resources to help you assess these critical areas: