The Triple P’s for resting easy
Cyber Security Month, October 2017
We live in a digital world. Even if it is not operating in the tech space, your business is still at risk. From data breaches to holding information hostage with ransomware, there are a myriad of ways criminals can impact your business.
So how can you protect your business? Read on.
In this series, we’re sharing insights and tips to help you reduce risk to your organization, manage compliance, and stay safe.
Tip #1: Policies, procedures and processes – do you know where to begin?
Your worst nightmare has come true: you’ve been breached. Now what?
In the midst of a crisis, you’ll have enough on your mind. Take a bit of the stress off by putting the proper policies, processes and procedures in place before anything happens.
Before a breach, review your company’s existing incident response policy and procedures and make sure your team knows what to do (and who will do it) if anything happens. It’s easy to assume that team members will know their roles and responsibilities, but proximity to, or familiarity with, systems alone may not ensure they’ve been informed of what to do, and when, in case of an emergency.
First, develop an incident response policy. From there, create processes and procedures that align with the policy to help build out your incident response plan.
Ensure that this plan has:
- Clearly defined roles and responsibilities
- Been communicated to necessary team members and stakeholders
- Notifications and mechanisms at the ready
- Response protocols drafted
- Been reviewed/updated as needed (at least annually)
An annual test of your plan is also recommended, as it will assess the plan’s effectiveness and appropriateness. Updating your plan will also ensure you’re complying with any new legal requirements that may have been released since your plan was created.
We also recommend engaging an experienced advisor to ensure objectivity throughout the process. This oversight will also ensure all necessary stakeholders are included in the planning process and informed of any updates.
- Tip #2 Ensure you have the right leadership in place
- Tip #3 Identify/classify sensitive data
- Tip #4 Check in on your vendors that also have access to your critical information
- Tip #5 Establish partnerships with organizations that may assist you during a crisis
- Tip #6 Institute a security/privacy awareness training program