How to avoid making these 9 mistakes during a breach!

For any organisation a computer breach or cyber event can cause major problems no matter your size.

In today’s business world of digital disruption, the ongoing threat from digital attack is always there.

A large proportion of C level Execs, Board members and owner/managers all have the same attitude to a breach.  It won’t happen to me!

We have to change our attitude for combating a cyber event so that no matter what happens we can be back to business as usual as fast as possible.

Pull out your plan!

You do have a breach plan?  Everyone in the office knows where it is?

Everyone knows their role in a cyber event?    The plan has been tested?     You have both a physical and digital copy of the plan? All good questions requiring good answers.

You do Understand that the bad guys can attack you from anywhere?

Although the impact can be different, an attack on your organisation from the digital realm can come from anywhere.   Known and unknown vulnerabilities, social engineering, social media or nonintentional and intentional insider.  All these attacks will appear differently and have to be managed differently.

Everyone knows what they have to do in an event, don’t they?

The only way that people will know what to do is to exercise and inform.  A plan sitting in a draw and only bought out in the middle of a crisis is practically useless.  You do not want a cyber event to be the first test of a plan.  IT WILL FAIL.

Not everybody needs to get involved!

Actually yes they do!  Ideas, solutions and direction can come from the most unexpected people and places.  Having everyone involved just gives you more options.

You have tested your resilience?

One of the most important parts of a breach plan is getting back to “business as normal”.  To do that Business Continuity, Disaster Recovery and Resistance plans need to be developed, documented and tested.  To test them without an actual event is a really good idea.

What is the time frame?

It will seem in the middle of a breach that there is not enough time to get things done.  There is, it is a case of prioritization, sticking to the plan and getting things done as fast as possible.

You have implemented your industry compliance requirements?

If you have implemented a framework (i.e. NIST CSF) then you are already in the process of compliance.  A framework just takes the complication out of compliance. it is not a tick box process, it is a process involving addressing the right requirements in a systematic way.

Tested the plan, have you?

There are many ways to test the plan.  From a full test of the plan with everyone involved to a tabletop exercise of key personnel, to asking a user / staff member what they would do in “X” situation.

Everyone knows what you are talking about when it happens

The language of an attack can be different from the everyday conversations happening in the office.  you need to ensure that everyone has an understanding of the language that may or could be used.

Like the boy scouts, being prepared is a fine position to be in when it comes to reacting to a cyber event.  If you are not prepared for the attack or think you are immune so why prepare, when it does happen you will have nowhere to go and will not know what to do.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.