Cyber Attack, Crisis Management
Ask any IT professional if they have taken precautionary measures to avoid a cyber attack and, without fail, all will tell you in good conscience, “Yes.” Truth is, most have probably done as much as they know to do within the budgetary constraints placed upon them.
But come on, you know attacks have happened to others with huge protections and budgets – even our own government – so on some level you have to know you are vulnerable to an attack. Once you internalize and acknowledge that, you will come to the belief and understanding that this is not just an IT issue but a business risk for the entire company. You will begin to realize it is no longer a matter of “if” you will be attacked, but “when”.
Once you make that shift, you will then begin to ask the more important questions, “What is our cyber attack crisis management plan?”, and “How do we move beyond precautionary measures and become stronger and more resistant company-wide?” Key questions to consider may include:
If we have a plan, have we tested it? Do we know who is authorized to shut down systems and begin restoring from backups, and who will notify our customers and how?
If a third-party partner* is hacked, is our client’s data at risk? How and when will our company be notified about their breach?
Is the sensitive data we are storing critical to our purpose and mission?
Tone at the top is always critical, but with so many mobile devices and ways to access systems remotely, how do we measure our employees’ compliance with our policies?
What steps are we taking to remain current on trends and threats? Do we know where we (or our third-party partners*) are most vulnerable?
*Why third-party partners? If your customer’s primary relationship is with your company and their sensitive information is breached, do you think they care that it was really due to a problem with someone in another company? To be sure, to the extent there is a problem that causes damages for your customer, they will be looking directly to you and not any third-party partner.
We are all connected and becoming more and more connected each year. Be sure to try to connect with only the ones you want as customers, but be prepared for the time the unwanted customer comes to visit.