Cyber Security Experts Agree - Now is the Time to Review your Cyber Security Plan
Though digital transformation and connectivity have increased the need for cybersecurity, the latest shifts in the geopolitical climate have made this aspect of information technology management even more important. For this reason, we've had multiple clients ask how they can prepare for this additional level of threat. To start, you'll need to assess your cybersecurity situation, review related insurance coverage, make sure that your vendors are also tightening their cybersecurity options and ensure that your emergency response plan is solid. There are six specific steps you can start taking right now to ensure your organization is in the best possible position.
1. Don't Panic
Numerous sources have stated that there have not been any increases in direct, large-scale cyberattacks against American companies. Given the current climate, critical infrastructure would be hit first, a warning sign that additional attacks could be on the way. Attack detection would start at the largest cloud service and internet providers, so taking steps to prepare for an attack would only involve the standard processes that are part of a larger, stronger cybersecurity position.
2. Get Your Updates from Excellent Objective Sources
Many companies look towards the FBI InfraGard for updates on various cybersecurity issues, while major news organizations such as Associated Press and BBC provide reasonable backups to direct news sources. Take the time to find who the advisors and experts are in cybersecurity in your industry to see what they're doing about the possible threat and bring in professional service firms to help update your cybersecurity assets and protocols to ensure you're ready to deal with any potential threat.
3. Go through a Cybersecurity Assessment to Understand Your Potential Risks
By having an outside cybersecurity expert go through your system, you can obtain a list of the potential issues that increase your company's risk of a loss due to cybersecurity issues. Why an outside expert? Because your internal IT resources are already familiar with your system, they tend to skim over the material assets that are at risk; getting outside guidance on these assets ensures that they are also protected.
4. Add or Improve Cybersecurity Liability Insurance
This type of insurance covers key expenses during a data loss or breach, such as digital forensics, legal expenses, crisis communications, notices and credit monitoring. It could also cover the cost of business disruptions. However, the payout of claims will be impacted directly by how secure your organization can prove to be before the claim event. Similarly, some carriers give premium discounts if you had a good report on a recent cybersecurity assessment.
5. Ensure Your Vendors Are Secure
Most breaches are caused by third-party vendor weaknesses, such as Target's HVAC vendor? Check vendor contracts for who is responsible for cybersecurity, including annual reports on security from third parties, right to audit, SLAs for security events and co-accountability. If vendors provide low-value products or services, consider dropping them if keeping them creates cybersecurity risk.
6. Build Incident Response Plans and Test Regularly
Start by knowing your critical systems, such as how long you'll operate with systems partially or completely down, along with cost to your business per day. Assume systems will be down and possibly breached to understand what's needed to get them running again, along with the impact on people, technology and processes. Take the time to try out different response scenarios with your leadership teams, because the details of the exercise often produce unexpected surprises.
When you're done going through these steps, it's important to bring in any professionals needed to implement changes and ensure that your cybersecurity is up to task. These professionals should be able to explain in plain language the general overarching themes of what they're doing to better secure your company.
Contact us today at [email protected] to request a free Cybersecurity Assessment. The results of the Cybersecurity Assessment will help you to know where your organization can improve its Cyber Defenses and how your organization stacks up compared to other organizations similar in size and industry.