Have a Cyber Readiness Plan
As we are all neck deep in the #covid19 crises, an overwhelming need businesses face is ensuring their critical information available and safe. Employees are scrambling to get remote access and in doing that are inadvertantly creating exposures to risk. This is the first of a multi part series on cyber resiliency and readiness. Step 1. Have a cyber readiness plan!
Determine the critical pieces of your information infrastructure
To protect your information assets, you need to understand where they are stored and how they are accessed. This information helps determine backup and security strategies. Build a list of your critical systems and data store locations.
Identify single points of failure and fix them
It is not always feasible to build redundancy into every aspect of your network, but with critical systems a failure can be costly. This could be with networks or people. Identify a second way to do something. We should all have plan B’s!
Build a workforce continuity plan
This is the step many failed to do prior to the pandemic and were left scrambling to figure it out. Human safety is the most important, but having the ability for workforce mobility improves your cyber resilience.
Build that incident response plan you’ve put off
Create a plan, communicate it to everyone and ensure people know their resonsibilities during an incident. Your plan should include:
- A list of people and their jobs for incident response staff
- Your workforce/business continuity plan
- Documentation of critical systems, backups and return to uptime procedures
- Documentation of the tools and processes needed to address incidents. How do you contain and recover?
- Documentation of communication strategy during an incident
Train everyone on your plan
Information Technology teams may be the only ones that really understand and act on the plan, but it is important that everyone be involved in recognizing incidents, reporting them and how to handle their individual jobs during a crises.