Organizations of any size can be victimized by a cyberattack, making it more important than ever to have actionable cybersecurity plans and employee training as a part of your business continuity program. In a 2018 study conducted by IBM, 2,800 security and IT professionals from around the world provided these eye-opening cybersecurity statistics:
- 77% of respondents didn’t have formal cybersecurity incident response plan (CSIRP) applied consistently across their organization
- 65% said attack severity is increasing
- 57% of business leaders said it’s taking longer to resolve cyber incidents
If you are among the 77% that don’t have a formal incident response plan in place, what are you waiting for? With incidents rising, severity increasing, and October being national cybersecurity month – here are 6 best practices for starting your cybersecurity program.
- Assess Your Risks – Organizations of all sizes are at tremendous risk for crippling cyberattacks, so don’t overlook anything when analyzing the cyber threat to your business – including external and internal threats as well as intentional and unintentional threats. The existing threats, vulnerabilities, and risks that are not acknowledged are often the most problematic. Improper software patching, lack of full disk encryption, and weak passwords on mobile devices, network infrastructure systems, and web applications are among the most common.
- Make Your Employees Your First Line of Defense – Ensuring your employees are trained in cybersecurity is one of the best practices to mitigate the risk of an attack. Train them on what to avoid, what to do if they think their device has been compromised, and what to do in the event of an actual attack. By training employees on cybersecurity best practices, you can help to mitigate your organization’s risk of becoming the victim of a cyberattack, as human error is the leading cause of all attacks.
- Share the Plan & Don’t Share the Data – Ensure key players or crisis team managers have the plan of action in responding to a cyberattack and only the necessary employees have access to sensitive information and the devices where the information stored.
- Don’t Waste Your Efforts on Wasting Your Time – Nothing would be more frustrating than thinking you and your colleagues have carefully planned your response to a cyberattack and are then unable to immediately put the response into action. Using the proper technologies will ensure that your plan is actionable. A mass emergency notification system via multiple delivery types and devices is an invaluable tool to your business as it can immediately notify your employees and key contacts quickly in the event of a cyberattack or any other crisis.
- Change Your Plan for Changing Technologies – Remember, the various technologies used to electronically transact business are constantly evolving. Your response plan should be updated frequently as these new technologies are put into practice.
- Put It In the Cloud – Consider using cloud storage to store sensitive information or critical documents. This way, if your business is the victim of a cyberattack where files are wiped from your computers, you can rest assured knowing that information is safely stored in another location.
Preparis can help your business and employees prepare and respond to cyber-attacks while meeting regulatory requirements. To learn more on how Preparis can provide real-time intelligence into organizational compliance & readiness, click here.
And, join us for our upcoming webinar on October 11th at 2pm ET, entitled Organizational Resilience: From Crisis to Recovery. To register for this free webinar, click here.