
When the proverbial hits the fan… dealing with a cyber breach incident

We’ve spent the last couple of months talking you through all the ways you can build up a strong approach to cyber security, to lessen the risk of you falling victim to cyber attack. The problem is, as our security measures evolve, so too do the capabilities of attackers. That means we have to face the reality that, even with the best tech and tactics in place, incidents do still occur.

January and February this year in the UK alone saw Ordnance Survey, the Royal Yachting Association, the Financial Conduct Authority, Samsung, and two major UK hospitals experience significant cyber incidents. And these are just the high-profile cases.
 
Think like a boy scout

The very best thing you can do in accepting this reality is to think like a boy scout and Be Prepared. Which basically means write an Incident Management Plan. Know how you’re going to react, who is going to tackle what, and who needs to be informed. That way, however disastrous the incident, you won’t be running around like a headless chicken but can respond calmly to minimise the impact, maintain business continuity and customer confidence, and learn from your mistakes.

Without an incident management plan, not only are you heading for headless chicken territory, but you also risk not detecting an incident in the first place (leaving it to wreak damage for months), not getting to the root cause of issues (meaning you suffer continual, repeated disruption), and possibly flouting legal or regulatory requirements.

So what’s the plan, Stan?

Clearly your own particular Incident Management Plan will depend on the size and nature of your organisation, the type of risks you are open to, and the expected impact they would have. You should already have conducted a risk assessment as part of your robust cyber risk regime (discussed in our second blog – find it here [link]), but if not, do that now (we won’t tell anyone). That’ll give you an awareness of what incidents you could be talking about.

Then, tick off the following:

  1. Assess your resources and frame a policy. What funding do you have to develop, deliver and maintain an organisation-wide incident management capability? Can you achieve it in-house or do you need to call in a specialist incident management company? Frame a policy addressing the full range of incidents that could occur and set out your intended responses. Make sure it covers any legal or regulatory reporting requirements.

  2. Define roles and responsibilities. Appoint and empower specific individuals (or suppliers) to handle incidents, and spell out clearly to them what decisions and actions they may need to take if the worst happens. Ensure the rest of the staff know who these key responders are and how they can be contacted. Make sure everyone feels adequately informed as to how to report a suspected incident, without fear of recrimination.

  3. Provide specialist training. The people you have appointed as your incident response team may need specialist knowledge and expertise across a number of technical (even forensic) and non-technical areas. Make sure they are fully trained and confident in these skills.

  4. Work out how you’d get your data back. Most incidents in a cyber context are going to involve loss of data. Minimise the impact of this with a systematic approach to the backup of essential data. If you’re using physical backup media this should be held in a physically secure location, ideally offsite. And make sure you road-test your ability to recover your archived data before facing the real deal.

  5. Put things to the test. All your incident management plans should be regularly tested, and any issues ironed out. Remember staff members will change, and different risks will rear their ugly heads, so it’s vital not to just make a plan and forget about it until disaster strikes.

  6. Know who needs to be in the know. Make sure you know who needs to be informed in the event of an incident. Are there specific legal or regulatory requirements as to who you must report an incident to? These must be clearly set out in your incident management policy. Obviously make sure you follow this and inform the relevant authorities (such as Action Fraud) if an incident kicks off.

  7. Learn from your experience. In the wake of an incident, make sure you collect evidence to analyse what led to it, to try to identify and remedy the root cause (this evidence could also support any disciplinary or legal action that ensues). When the dust has settled, take time to look at how you all responded to the incident – what aspects of your incident management process worked well and what could be improved? Update any relevant policies or user training that could have prevented the incident from occurring, or helped you respond to it more effectively.

We hope that our series of blogs over the past couple of months has brought home to you just how crucial it is to shore up your organisation against the risks out there in cyberspace, and to get everyone’s buy-in, from interns to board members. Hopefully we’ve also given you confidence that there are achievable steps you can take to become a cyber-savvy company and significantly reduce the risks and the fall-out of attack. We’ll be back with our next blog soon, but in the meantime, if you need any advice or training for your staff in cyber security, risk management or incident response, we live and breathe this stuff at Hexegic, so would be delighted to talk things through.

Stay cyber safe, virus free, and don’t become the next hacking to make the headlines.
