Even as the world slowed in 2020, threat actors picked up their pace and used work-from-home infrastructure to spread malicious attacks. These bad actors also exploited trusted software vendors from SolarWinds to Microsoft, pushing new vulnerabilities across tens of thousands of corporations, governments, and organizations large and small. These incidents turned into breaches, causing headaches across a spectrum of industries.
The Woods Rogers Cybersecurity & Data Privacy Group is often asked how to prevent a cyber breach and “what can our company do in advance?” Here are four tips.
1. Design a true incident response plan that delves into real details of what occurs after a cyber catastrophe.
Gone are the days of simply dusting off an incident response plan and crossing your fingers that all will be well. An incident response plan cannot simply be a phone tree. Use the quiet before an incident to develop a true disaster plan.
If your organization lost all its IT infrastructure due to a cyber incident, what would you bring back online first? What department? What manufacturing plant? What product line? Which operating room goes first? What component of your government’s critical infrastructure can restart?
These are the questions only your organization can answer. Answering them outside the stress of an incident is the only way to think through all the specific issues that may occur.
2. Dig into the preparations made by the IT team.
There are certain tasks you should begin well before a breach occurs. Ask your IT team to recommend other preparations, as each IT environment has its own characteristics.
- Confirm your team can provide an accurate, up-to-date network map and inventory of IT assets, both hardware and software.
- Turn on logs such as firewall logs and syslogs, collect them in a centralized, protected storage location, and maintain them as long as you can (at least 30 days).
- Limit all users to one user ID/account, except for certain IT users who need a separate account with elevated access to perform some functions.
- Ensure all service and system accounts have an owner who can explain what the account does.
- Require strong passwords and multifactor authentication.
3. Research cyber insurance.
As the insurance and reinsurance markets become more sophisticated in the realm of cybersecurity coverage, the windows for coverage continue to close. Now is the time to begin looking at these issues.
- Do you even have cyber insurance?
- If your organization is self-insured, have you designed a captive insurance pool that is ready to withstand a cyber incident?
- What are the towers of coverage available to your organization?
- Has your coverage been reviewed by the legal team for holes or gaps?
Finally, cyber insurance may not cover all the expenses you will likely incur in a cyber event. How are you mitigating that risk?
4. Prepare for the fight of your organization’s life.
With many cyber insurance policies, you do not get to choose who comes in to defend you or secure your organization after a cyber event occurs. You can often negotiate to have your legal vendor or cyber forensics vendor of choice put into the mix with your policy, but you have to do that in advance, not in the midst of a cyber incident.
If your organization is about to be the next news headline because of a major cyber event, do you want to be standing next to a legal stranger or a trusted partner? Make relationships now with trusted vendors and develop those relationships in advance.
It’s no longer a question of whether an organization will be impacted by a cyber incident, but when. The time is now to plan ahead.