Imagine heading out for a day at the beach. You are dressed in shorts and a t-shirt. You brought your sunscreen and you even remembered an umbrella. Now imagine you get to the beach and are caught in a treacherous blizzard. That sunscreen and umbrella are not going to be of much help. You soon realize that you are completely unprepared, and better brace yourself for a painful experience. How do you ensure your business is never in this situation?
Simple! First, you start by knowing the forecast. Second, pack the right gear for any situation. Third, document a plan that prepares you for the unexpected. Let’s look at how this applies to technology and your business.
- KNOW THE FORECAST
Understand exactly where you stand and what might be coming your way. Many businesses have a false sense of security about the solutions that they have in place. We hear comments like this all the time, “We have backups, so we’re good,” and, “I don’t need to worry about cyber threats, we have a firewall and anti-virus. Besides, my company is too small to be a target, right?”
While it is true that technical controls help protect your business from potential threats, this is only a small part of what is necessary in today’s world. Start by taking a close look at your vulnerabilities and risks. At minimum, review this on an annual basis, because threats are evolving constantly.
Here is a free assessment that provides a complimentary FISASCORE estimate: https://www.bergankdv.com/services/technology-services/
- THE RIGHT GEAR
Understand that there is no one-size-fits-all solution that does everything. That is why it’s important to deploy multiple layers of protection. The more layers in place, the more likely you will be prepared for whatever comes your way. When looking at cybersecurity protection, a good checklist should include:
- Email security
- Security awareness training
- Endpoint security
- Multi-factor authentication
- Computer updates
- Dark web research
- Next generation firewall
- Backups and disaster recovery planning
- PLAN FOR THE UNEXPECTED
Knowing the forecast is one thing, having the right gear is another, but reality has shown us that sometimes what we get is completely different than what we were expecting. In these circumstances, your incident response plan will be critical to making sure you stay on the right path. To develop this plan, here are some questions you should be asking of your business:
- Do I have a disaster recovery solution in place?
- When was the last time my backups were tested?
- Do our employees have an awareness of potential security threats?
- How long can we realistically be down? One hour? One day? One week?
- What is the financial cost of downtime to my business?
- Do I have compliance or other requirements that I need to get in line?
- Who do I call if we have a data breach? IT? Attorney? Insurance? Forensics? PR Firm?
- Have we identified critical systems and lines of communication?
- Have we prioritized recovery tasks? Have we delegated these tasks?
- Have our policies and procedures been updated recently? Have they been documented? What critical data and intellectual property might need hardened security?
- What happens when plan “A” isn’t working? How soon until we switch to plan “B”?
- Do I really know where we stand?
Your plan will be unique to your business as it balances your needs, budget and tolerance for risk. As you develop this plan, keep in mind it needs to be documented and communicated to your employees. Don’t forget that planning is one thing, but you also need to test your plan so that you know it works when needed. Lastly, understand that if you haven’t been asked already, your clients, your vendors and other business partners will be very interested in your efforts to minimize your information security risks. After all, you may have their personally identifiable information, intellectual property or trade secrets.
Are you ready to weather the storm? Take the first step and contact your technology professional to help guide you and your business through this journey.