Not sure how to plan against a cyberattack… think fire prevention.
All UK-based organisations will have fire safety precautions in place. For obvious reasons, businesses are legally obligated to reduce the risk of fire including things like having operational fire extinguishers and alarms plus they’ll need an emergency plan.
Whilst cyberattacks would not have the devastating impact on people or businesses that a fire would, using the fire prevention model to prepare for a cyberattack is useful.
Before any fire prevention plan is put in place the building will be assessed. Carry out a similar assessment ahead of installing Cyber Security. What infrastructure do you need to protect? Where is it – do you have premises and remote workers using kit that is vulnerable to attack? What are the potential threats? Recognise that there are threats that are, as yet, unknown.
Plan for prevention
Prevention is better than cure. Fire prevention includes well-designed buildings, fire alarms, and fire extinguishers – a multi-layered approach. Ensure the same approach for Cyber Security. Thorough Cyber Security will ensure adequate coverage wherever, whenever and however your teams are working. Measures also need to recognise when, where and how work will NOT be taking place. As an example, does your Cyber Security allow access to systems from geographical locations where your staff members are NOT working; locking down locations helps prevent cybercrime.
Even when thorough fire prevention measures are in place, fires still take place, but fortunately only rarely. That’s where drills come in. We’re all familiar with fire drills, and will have seen fire evacuation instructions on hotel doors. Whilst fire inspectors and marshalls will be confident in fire prevention measures they also plan for the worst. Cyber Security must also provide similar measures.
Whilst you may be confident that you have thorough security in place, you must be aware that attacks could still occur. Drills, in other words planning for attack, ensure that even if an attack occurs the damage will be minimised. As with a fire, there are BIG attacks and there are those that are caught early. We recently reported on an attack to a cyber security company (even they weren’t immune!). Thanks to their thorough planning they quickly recognised that an attack was underway and massively reduced the damage that could have been caused. Yes, the attack occurred, and yes, it caused damage, but could it have been FAR worse.
Drills encompass staff training and this is a vital element cyber security. Humans are often at the centre of cyber breaches, so make staff fully aware of the risks that cybercrime poses and how they can help to prevent it. Most importantly, they mustn’t ignore it. They wouldn’t ignore a fire even if they’d inadvertently caused it by leaving their dinner in the work microwave too long – they would sound the fire alarm and get out of the building. Cybercrime is the same – staff must be confident to raise the alarm as soon as they become suspicious – not once the attack is raging, even if they fear they may have let the attacker in…
Whilst you won’t have a fire inspector knocking on your door to check on Cyber Security there’s still the chance that the Information Commissioner’s Office could pay you a visit if your data protection isn’t up to scratch. And clearing up the mess from a cyberattack could prove as debilitating to your business and risk similar reputational damage as that of a fire.
Need to get your Cyber Security Drill in place
Talk to Net Primates. You probably don’t assume you’re best placed to plan for fire safety – you ask the experts. So, get in touch if you need help with any aspect of Cyber Security.