Providing the cyber security your business needs to keep systems and data safe from threats such as malware or ransomware, and risks such as data loss, leakage or theft, is not a single measure. An effective response plan is a cyclical process that consists of preparation, detection and action. Here, we look at the first of these stages: preparation.
Given the complexity and downright ingenuity of cyber security threats today, your business may not have the skills, or the resources, to combat a cyber attack if and when it does occur, or even to put in place an effective response plan, and in such cases, it is often advised to hire an outsourced IT service to tackle the problem. But that doesn’t mean you should sit idle.
Preparation is key, not only in helping your external service provider do their job, but also to get your business up and running again as soon as possible, and indeed, hiring IT support can help you put the right plan in place before any potential disaster strikes.
With the GDPR soon to come into effect, a rapid response is not just advisable, but legally necessary when a cyberattack could result in the loss, theft or exposure of personal data, so your business needs to know what to do, and how to do it.
The first thing you need to do is draw up a cyber security incident response plan in collaboration with all relevant stakeholders, from board level down to the IT team who will oversee and run it through to completion.
What to Include in Your Cyber Security Incident Response Plan
It’s important to consider what the ramifications of a cyberattack could be for your business, what systems, IT infrastructure and data could be affected, who takes charge in the event of an incident, what technology you have in place to combat an attack, and what you should do about it, so outline the following:
- What assets need to be protected – from machines to software to data
- Who will be assigned responsibility for overseeing the response plan
- What the business is capable of internally to combat and respond to an attack and what external resources can be used
- The technology the business currently has to detect and take care of a cyber security incident
- A basic strategy outlining the level of action to take, ranging from an immediate shutdown of all operations to a scaled business continuity plan
- How the incident will be communicated internally to staff, to external stakeholders and partners, and to the relevant authorities, such as the GDPR regulator
The Assets You Need to Protect
Cyberattacks by nature will go after your company’s assets, so identify what your business needs to conduct its activities. These include your overall IT infrastructure, your software, machines and devices, business-critical data, apps, and your network. Then, identify what systems and networks you use to support and run each of these assets, where those systems are (in-house servers or the cloud), and consider what you need to protect them.
Also identify who has access to each system within your business, including third-parties such as contractors, clients, etc. Draw up account and access lists so you have a comprehensive overview of who has the right to access, use and or manage your network and the different systems in it. This will allow you to detect any strange or abused accounts during an incident.
While identifying your key assets, you should be able to highlight where vulnerabilities lie, and a cyber security audit will reveal those weaknesses so you can work on bolstering your defences.
When you have an overview of all of the assets you need to protect, it’s time to prioritise, identifying which assets – data, processes or networks – are of the utmost importance. Which of these, if compromised or lost, would result in the business grinding to a complete stop?
When it comes to your business being hit by the proverbial iceberg that is a serious cyberattack, it’s a case of women and children first, whereby you highlight the priority or order in which the recovery process will take place.
Arm Yourself with the Right Documentation
Up to date documentation of how your systems work, your IT and network infrastructure, and details of existing security measures, devices and software, should give the response team important logging information regarding network activity, such as firewalls, penetration testing, intrusion detection, etc.
Assigning Responsibility for the Response Plan
Once you have all of the necessary information, it is important for your business to clearly assign roles and responsibilities so that everybody in the company knows what actions will be taken, and by whom, if a cyber security incident does occur.
An organisation-wide document should detail the following:
- The internal contact point for security incidents, and how to contact them
- The tasks involved in the response plan, and who will be assigned to each of these tasks
- The person who will oversee the response, on both the IT and business side
- The person who will liaise with management throughout the incident response
- The person in charge of hiring, engaging, and liaising with any external response partner or outsourced IT support team
- The person responsible for informing regulatory authorities and/or the police
- The person responsible for informing third-parties and/or the media
As you can see, there are many diverse roles and department s that could be involved in this process, which is why it is so important for the incident response plan to be shared with and understood at every level of the organisation so that they can collaborate to get things back on track as soon as possible.
Calling for Help
It may seem natural to call on the help of an external IT expert to provide the support you need to remedy a cyberattack when that attack occurs, but bear in mind that it could take time for them to come on board and get to grips with not just the attack itself, but your specific systems and network – time you may not have if the business is on its way down.
Hiring an external IT partner at the preparation stage means that they are ready and waiting, able to jump in and save the day immediately, reducing downtime and getting you back in business quickly. They can also be a more affordable option than having an in-house team on the permanent payroll, and a far more affordable option than having the business shut down completely.
An external IT support team brings many advantages to the table. Not only will they bring expertise that will reduce diagnosis time, they will also bring the experience of dealing with similar issues, and will have the right tools at their disposal to identify threats and recover data.
On top of that, a reputable IT partner will also be able to identify the causes of the incident, to highlight previously unidentified risks and vulnerabilities, and advise on upgraded security.
If they are on board from the very start, and contributing to the preparation plan, you will have the best cyber security support on hand, to prevent further cyberattacks and act on any that do get through the safety net.
Cyberattacks are not inevitable, but they are becoming increasingly likely, so it is advisable to put in place a robust response plan that will ensure everybody within your organisation knows what needs to happen, and who will take charge of each task involved. In preparing that response plan, the advice of an external IT support team can prove invaluable, because they will have the knowledge to help forewarn against possible threats, and identify or detect them when they occur – which is what we will discuss in our next blog.
As certified GDPR practitioners, the team at pebble.it bring their expertise and experience to solving your cyber security problems. Find out how we can help you by getting in touch with us, or by booking a security audit, and in the meantime, download our IT Security Checklist:
