Centrend, Inc.

Review Your Cyber Security Plan in Four Simple Steps

Increasing Threats

Companies rely more and more on digital information and network-enabled devices. Threats are increasing, and cybercrime is on the rise, so it’s no wonder cybersecurity is increasingly important. Is your company prepared for a cyber attack?

If you are like most small/medium businesses, you don’t have a written plan at all. If you have a plan, was it well thought out and tested, or was it thrown together quickly to appease a customer’s request?

Take It Seriously

It’s time to seriously consider the question: How would your business perform if it were hit by a cyber attack right now? What would you do? Who would you notify? How would you recover?

Cybersecurity Threat Evolution

Cyber threats are constantly evolving, making it necessary to continually ensure your cybersecurity defenses and responses are effective for your business right now. A slow or inadequate response can have a very negative impact on the bottom line, along with your reputation.

Regular Cybersecurity Audits

It’s not enough to have plans in place; they need to be audited regularly. When was the last time your team updated the business’s cybersecurity plans? Are the documents current, and do they still meet the needs of each department? Has network and server equipment changed since the plan was written? What about third-party tools and services?

The Four-Step Plan

Regular internal audits are a smart way to prepare for a more comprehensive external audit. The brief internal audit I’m recommending below can ensure your cybersecurity plans are up to date and functioning as they should. Here are the four quick steps you can take right now:

Step 1  Review your plans

Pull out your documents and give them a hard look. Consider whether your policies and procedures still make sense, whether any personnel have changed, and so on. Ensure every component of the plan has a clear purpose and that roles and responsibilities for executing the plan are clearly defined. Every aspect of your plan should clearly say who has to do what and by when in the case of a cyber attack.

Step 2  Assess risks and exposure

Have any new services been introduced that have changed where threats can originate? For example, is there new off-site data storage or new wireless access points that have come online? Have there been other infrastructure upgrades such as new server hardware, software, or cloud-based services? If you discover new risks or identify new components, make sure to update your plan to include them.

Step 3  Consider security standards

Once you have reviewed and updated the plan, consider whether it meets applicable security standards. If you work with CUI (Controlled Unclassified Information) under NIST 800-171, for example, do you meet the requirements appropriate to your role? Does your plan meet the requirements of your standards? How does the plan measure up to general industry best practices?

Step 4  Test for Action

Would employees be able to use the plan in the case of a security breach? Where might a breach be discovered, and who would discover it? Would that person or group know what to do? Does the plan define who they would contact and how long it would take to mitigate the breach and fully resolve the situation?

If you’ve taken a look at these steps and are still unsure whether they would be effective, Centrend can help you with a professional external audit. Give us a call or submit our contact form for a free Q&A session to discuss your organization’s readiness for handling a cyber attack.
