A cyber security incident is a major high-pressure situation and the impact can be devastating if your company is hit. We’re providing this information to help your organization make sure it is protected, prepared, and can take the correct actions in the event a cybersecurity incident occurs.

Protect:

The complete list of ways to protect your business is very robust, but the suggestions below are good foundational steps.

  • Use high quality, centrally monitored and managed business-grade anti-virus.
  • Have secure, quality backups in place; Confirm those backups are stored in multiple locations.  Perform test restores of data several times per year.
  • Get an IT security and phishing training program in place for your staff; A wise and educated staff is critical when it comes to preventing cybersecurity incidents.
  • Enable two-factor authentication (2FA) everywhere you can.  Enabling 2FA authentication in Office 365 and on many websites is not difficult. Enabling 2FA on VPN connections is more challenging, but can be done by your IT consultant/department.

Prepare:

Think of preparing for a ransomware or hacker attack like you prepare for a hurricane. Businesses are not judged on whether they can prevent a hurricane.  They are judged on how fast they can recover and get back to operational status.  In 2021, cybersecurity incidents are the inevitable hurricane.

  • Have Cyber Liability Insurance in place NOW.  These policies are designed to mitigate losses from cyber incidents, including data breaches, business interruption, and network damage.  This coverage will provide expert resources including a breach coach (manages the entire process), legal team, PR team and forensics team, all of which are experienced in handling these types of cyber breach scenarios.
  • Have a documented Cybersecurity Incident Response Plan.  If you don't have one, reach out to us.  We may be able to provide you one to get started.

React:

When a security breach occurs, every second counts. Malware infections spread rapidly.  Ransomware can cause catastrophic damage to your organization in a very short period.  A failure to act quickly can lead to attackers getting access to more of your organization’s sensitive assets. This is when you implement your Cybersecurity Incident Response Plan.

  1. Do not turn off power to any computers, file servers or network equipment.  They contain forensics data that your IT consultant/department and your insurance company will need (see step 5).  Turning them off can wipe out the critical forensic data.
  2. Contact your IT consultant/department immediately.  Get them involved as quickly as possible.
  3. Disconnect\unplug the Internet service from your network.  Your IT consultant/department can create a simple documented process that any staff member could follow to get this done.
  4. Disconnect every computer and server from the network.  Unplug the Ethernet network cable and turn off Wi-Fi.
  5. If you have a Cyber Liability Insurance policy, contact your insurance company. To submit a claim and be reimbursed, the insurance company will have a specific set of steps that must be followed by both you and your IT consultant/department.  If these steps are not followed, your claim may be denied (see item #1 in this list).

There are several subsequent critical steps to be taken by your IT consultant/department, your leadership and staff, your insurance company, and law enforcement, but these are the critical first steps in your plan.

Beyond the Four Basic Protections Listed Above:

  • We highly recommend you invest in the proper IT systems and services that provide robust cyber security protection.  There are products and services available that likely could have helped  prevent both the recent Colonial Pipeline breach and the Kaseya ransomware attack.  Implementing a zero-trust model and having a security operations center (SOC) monitor your network and computers for malicious activity could have played a role in prevention of these two attacks.
  • Make sure your IT people are staying abreast of the latest developments in cybersecurity.  This kind of knowledge growth and insight requires intentional action.
  • Find IT consultants or internal IT staff who have the heart of a teacher.  One of their jobs needs to be interpreting confusing IT geek speak and explaining it in a way that business leadership understands.  Leadership that understands cyber security is better equipped to make wise business decisions about how to protect their IT systems, data and customers.

If you’re looking to improve cyber security protection in your organization, click on the link below to schedule a call with Jeff today. No obligation, no geek speak - just solid information and clear insight on how to best protect your organization from cyber-attacks.