Tips to help protect your organisation from cyberattack
Cybercrime is now a multi-billion-dollar industry that impacts organisations of all shapes and sizes. That means cybersecurity is no longer a matter to simply be left to your IT department. Ensuring that your organisation is properly protected from cyberattack should be a board level priority.
In this blog, we explore the 5 questions that you as a board member need to ask, to ensure you’re sufficiently informed and able to take appropriate steps to protect your organisation from cyberattack.
Why should board members be concerned about cybersecurity?
A cybersecurity breach can be extremely disruptive and expensive, potentially resulting in significant downtime and lost productivity, permanent loss or public exposure of confidential information, reputational damage and direct financial loss. The potential impact of a security breach could be devastating or potentially fatal to any organisation. That’s why cybersecurity should have oversight at the highest level.
A robust cybersecurity strategy will also call on resources from across the organisation, including finance, human resources, IT, and operations. To gather this appropriate support and commitment from across the organisation requires a suitably senior authority to champion the cause.
Here are the 5 cybersecurity questions board members need to ask.
1) What is our current cybersecurity position, and what measures are in place to protect the organisation from cyberattack?
Although board members don’t need to have a deep technical knowledge of the organisation’s cybersecurity defences, some understanding of the systems that are in place is important. Equally critical is an understanding of how these systems are resourced and managed on an ongoing basis, as well as how the board will be kept informed.
Cybersecurity is not a “once-and-done” proposition; it’s one that must be actively managed. Are your security measures current and always evolving to keep up with new and more sophisticated threats? Are they being audited regularly to identify gaps and ensure compliance with established standards? Are your systems proactively tested, such as with mock attack scenarios and penetration testing?
2) How do we know if a cybersecurity breach has occurred?
In the event of a successful cybersecurity attack against your organisation, a rapid response is critically important to limit the extent of the attack and minimise the potential impact. The longer a successful attack is allowed to remain in place, the further it may spread and the more complex and expensive it may become to resolve.
As a board member you should satisfy yourself that any security breach will be rapidly identified and responded to. Ask:
- How does the company monitor for cyberattacks and breaches?
- Are staff appropriately trained to identify and respond to attacks quickly?
- How do staff report any suspicious activity?
3) How do we respond in the event of a cybersecurity breach? Do we have an incident response plan?
Instead of considering how your organisation will respond if a breach occurs, think instead in terms of responding when a breach occurs. Assume that a breach will occur and plan accordingly by having an incident response plan in place.
At a basic level, a cybersecurity incident response plan should include:
- Formation of an emergency cybersecurity incident response team to manage the incident response.
- Definitions of what a cybersecurity incident is (and isn’t).
- An incident response management flowchart to help employees understand the steps to be followed during a cyberattack.
- Cybersecurity incident response communication templates to help with timely companywide communications for the more severe security breaches.
- An emergency contact list and communications plan to keep internal and external stakeholders informed and coordinated.
4) Are backup, disaster recovery and business continuity plans in place and tested?
When you’re thinking about how the organisation will respond in the event of a security breach, there are three plans of critical importance. Satisfy yourself that all three plans are in place, and are reviewed and tested on a regular basis.
In many cases, when recovering from a security breach the organisation may need to recover lost or damaged data from backup. The backup plan should detail how the organisation backs up important data, and how often? What is included in the backups? How often are the backups tested? How secure are the backups if a security breach occurs?
Disaster recovery plan
A disaster recovery plan details how the organisation will recover from a disaster, such as a security incident. Disaster recovery will often rely on the backup plan, but will also consider how the backups are to be used, what order systems are to be recovered in, how long recovery efforts may take, and what additional resources may be required, such as new data centre equipment or cloud tenants.
Business continuity plan
A security breach may result in significant disruption to business operations, with key systems rendered useless. A business continuity plan should address how the business may keep operating (even at reduced capacity) while the security incident is addressed and business systems recovered to an operational state.
5) Do we have cyber insurance, what does it cover, and are we compliant with our obligations?
Cyber insurance can help not only with the immediate response to an incident, but also with immediate and longer-term recovery efforts. Ensure you understand the scope and limitations of cyber insurance policies, that sufficient coverage is in place, and satisfy yourself that all policy obligations are being met by your organisation to ensure any claims are not denied.
Cyber insurance may cover:
- Loss of revenue due to interrupted business
- Hiring negotiators
- Paying a ransom
- Recovering or replacing your data
- Legal claims
- Investigation by a government regulator
- Copyright infringement
- Misuse of intellectual property online
- Crisis management and monitoring
Ensure your organisation is properly protected from cyberattack
As a board member, the 5 questions above should be the foundation of your understanding of how you need to protect your organisation from cyberattack. If you’d like more information, get in touch with the Grassroots IT team on 1300 554 138 or contact us online.