The month of October has been identified as National Cyber Security Awareness Month (NCSAM) by the National Cyber Security Alliance. VSS has joined the effort as a NCSAM Champion to promote cyber security awareness from the breakroom to the boardroom and help you with planning for cyber security.
We encourage you to take action in protecting your business, employees and customers from online attacks, data loss and other threats – and to ultimately create a culture of cyber security at work.
We’ve listed five areas to explore planning for cyber security incidents happening and how it could impact your business and life.
1. Identify the “crown jewels”
The first step in protecting a business from cyber threats is to identify the “crown jewels” of your business. Those assets and systems that are critical to your business that would prove difficult to operate if they were lost or compromised and/or could be a high value target for cybercriminals.
Always think broadly about critical assets when planning for cyber security. They could be data such as customer or employee data, systems such as ordering, inventory or scheduling and/or intellectual property.
2. Protect Your Assets
Once you have identified your “crown jewels” and critical assets, build your cyber protections around these first as you create a trajectory forward to protect your entire business.
Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.
3. Detect Incidents
Detection is all about knowing when something has gone wrong. We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the faster you know about an incident, the quicker you can mitigate the impact and get back to normal operations.
4. Knowing the Threats
Not all threats in cybersecurity equally impact your business. Some, like broad ransomware attacks are designed to infect any system anywhere that is vulnerable. In other cases, attacks may be motivated by the type of business you are in and the value of what you have.
For example, for those in the retail business, cybercriminals may be looking to steal customer payment data or access a bank account. If you are in manufacturing, maybe stealing your intellectual property or disrupting operations is the goal.
Even when we take all the precautions we can, incidents can still happen. Being prepared to respond in a thoughtful and comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, planning for a response is critical.
The good news is preparing to respond to a cyber incident is not unlike preparing for other events that could impact your business like natural or man-made disasters. Planning for cyber security means building a cyber incident response that can tap your other operational knowledge and experience.
You will need to be ready to:
- Resolve the problem (e.g., fix your network, restore data)
- Identify what’s been lost and who has been impacted
- Continue operations while problems are fixed
- Communicate with stakeholders (e.g., customers, employees and perhaps the general public)
- Comply with applicable laws and reporting
- Report to appropriate agencies
Join the NCSAM movement this month and arm your business against today’s unrelenting IT security threats.