What’s Your BCP and IRP?

September is Disaster Preparedness Month and October is Cyber Security Awareness Month. We thought we might split the difference and talk about the two together. Think about it: are you prepared for a cybersecurity disaster?

These days, data breaches are almost unavoidable. It’s no longer “if you get breached” but rather “when you get breached.” Arm yourself with knowledge, and be prepared for a cyber disaster. Here’s how:

Know exactly where your data is

If you don’t know where your data is, you cannot develop a logical investigation plan. By knowing what’s where, when a breach occurs, you can quickly triage the situation and rapidly reduce the scope of the investigation as appropriate.

Extend your logging

In the past, not much attention was paid to log files except in troubleshooting situations. Now, without log files, performing an investigation is like following footprints in a blizzard. The trail is quickly lost. This can be a big problem, since many breaches are not detected for months after they occur.

Understand your breach disclosure responsibilities

Your first calls should be to your cyber insurance agent (you have cyber insurance, right?) and your legal counsel. Legal obligations are becoming stricter and stricter. You need good counsel on cyber security coverage and legislation. You’ll need to sort out which disclosure laws apply and lay out a strategy to comply.

Develop an incident response plan (IRP)

If you have a plan, you can contain and eradicate threats exponentially better than without one. The plan should document your data locations, logging available, your response team and more.

Keep your IRP in an easy-to-find location

The KISS principle applies here: Print it and put it in a binder in a secure location in your office. Why? If your network is breached, you may have to lock things down. And, if the plan is on the same network that was breached, you may not be able to get to an electronic version. You could also store electronic copies on another network in addition to the printed copy in the office.

Test your plan

Consider two-fold testing. First, run a simulated penetration test to gauge your organization’s ability to withstand a cyberattack. This could target specific software and systems, or human engineering, such as simulated phishing tests.

Next, you also want to test your response plan and update it regularly to reflect technology changes as well as organizational changes. So, for example, if you’ve moved to Office 365 in the last year, you should review your Business Continuity Plan (BCP) and Incident Response Plan (IRP) to ensure you’ve got your bases covered.

If you want to learn more or learn how IT Radix can help your business, call us today!