A good Cyber Security posture covers 5 distinct areas (the five Functions of the NIST Cybersecurity Framework): IDENTIFY, PROTECT, DETECT, RESPOND and RECOVER.
Step 1: IDENTIFY
How do you identify risk? First you need to clearly understand your specific areas of risk through (regular) auditing. Using the analogy of a house (which I'll stick to this week), identifying issues at home would include knowing and documenting your entry points and vulnerabilities (doors, windows, locks etc.), the threats (burglary, fire, flood etc.), the assets at risk (jewellery, electronics, personal effects, other valuables) AND the impact of those assets being stolen or damaged. Once you have fully IDENTIFIED your risks, threats, vulnerabilities and the potential impact of a breach, you have the building blocks for a strategy to protect your home. The same process applies to your business: an inventory of systems, data and accounts, the ways in, the threats that matter to you, and what it would cost if each asset were lost, leaked or unavailable. Have you IDENTIFIED your entry points, vulnerabilities, threats and risks? If not, how can you protect yourself?
Step 2: PROTECT. Now that you've IDENTIFIED your risks, threats and vulnerabilities, it's time to PROTECT. Keeping with the house analogy, protection would include upgraded doors and windows, upgraded locks, a "beware of the dog" sign, and educating those you live with to follow the rules (always lock doors, don't open the door to strangers, turn on the alarm etc.). In the case of Cyber Security, PROTECTION may include: antivirus, advanced endpoint protection, firewalls, robust password policies, software patching, enhanced Office 365/cloud security configuration, Multi Factor Authentication, mobile device management, and physical security (door locks and access control, physically securing devices, storage media etc.). Prioritise these against the risks you identified in Step 1 rather than buying controls at random; MFA and patching close far more of the entry points most businesses actually have than a new appliance does. Education is also a critical part of every successful strategy: teaching your people that security is every employee's responsibility, and what rules to follow to keep your business and its data safe. What steps do YOU take to PROTECT your business?
Step 3: DETECT. You've IDENTIFIED risks, threats and vulnerabilities, and put systems/processes in place to PROTECT against them. Next comes DETECTION: how would you know if your systems/PROTECTIONS are being attacked, or have already been breached? Sticking with the house analogy, DETECTION methods could include an alarm system, motion sensors, CCTV, a doorbell camera, and your local neighbourhood watch. Knowing that someone is trying to break in, or has succeeded, is what allows you to RESPOND (covered in tomorrow's post). In the world of Cyber Security, this means monitoring and alerting: tools that watch your systems for unexpected behaviour, and custom alerts for activity that is out of the normal pattern in your environment (logins from unexpected IP addresses or countries, repeated failed logins followed by a success, new Administrator accounts or privileged role assignments, mass file changes). Configure these well, with instant SMS alerts, and you'll have a much better chance of DETECTING the intruder as they try to (or successfully) breach your systems. Tune them too: an alert stream nobody reads because it is mostly noise is not detection. Without them, how would you know? A widely cited industry figure puts the average time for a business to realise it has been compromised at 191 days. Would you want someone in your house/business unnoticed for 6 months??
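The kind of custom alerting described above, as an added example that is not part of the original post: a small rule engine run over constructed sign-in and directory audit events (the log format, IP ranges, user names and role names are all assumptions for the illustration, not data from any real tenant). It flags the three patterns the post calls out, a successful login from an IP outside the ranges you expect, a burst of failed logins, and a privileged role being handed to an account, and returns the alerts as plain records you could hand to whatever SMS or ticketing integration you use.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample log (JSON lines), made up for this example. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not real hosts. The story it tells: "bob"
# fails three logins from an unknown address, then succeeds, then grants a service
# account a highly privileged role.
SAMPLE_LOG = """
{"ts": "2023-05-01T08:02:11Z", "event": "login", "user": "alice", "src_ip": "203.0.113.25", "result": "success"}
{"ts": "2023-05-01T08:05:40Z", "event": "login", "user": "bob", "src_ip": "203.0.113.31", "result": "success"}
{"ts": "2023-05-01T23:14:02Z", "event": "login", "user": "bob", "src_ip": "198.51.100.77", "result": "failure"}
{"ts": "2023-05-01T23:14:09Z", "event": "login", "user": "bob", "src_ip": "198.51.100.77", "result": "failure"}
{"ts": "2023-05-01T23:14:15Z", "event": "login", "user": "bob", "src_ip": "198.51.100.77", "result": "failure"}
{"ts": "2023-05-01T23:14:22Z", "event": "login", "user": "bob", "src_ip": "198.51.100.77", "result": "success"}
{"ts": "2023-05-01T23:16:50Z", "event": "role_assigned", "user": "bob", "src_ip": "198.51.100.77", "target": "svc-backup2", "role": "Global Administrator"}
{"ts": "2023-05-02T09:00:00Z", "event": "role_assigned", "user": "alice", "src_ip": "203.0.113.25", "target": "carol", "role": "Reader"}
"""

# Assumed: the office / VPN egress ranges your staff normally sign in from.
KNOWN_RANGES = [ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_network("10.0.0.0/8")]
# Assumed: role names that should never be assigned without someone looking at it.
PRIVILEGED_ROLES = {"Global Administrator", "Domain Admins"}
FAILED_LOGIN_THRESHOLD = 3


def parse_events(text):
    """One JSON object per line; blank lines ignored."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def is_known_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in KNOWN_RANGES)


def detect(events):
    """Run the rules over events in order and return a list of alert records."""
    alerts = []
    failures = defaultdict(int)  # consecutive failed logins per user
    for e in events:
        if e["event"] == "login":
            if e["result"] == "failure":
                failures[e["user"]] += 1
                if failures[e["user"]] == FAILED_LOGIN_THRESHOLD:  # fire once per burst
                    alerts.append({"rule": "repeated_failed_logins", "ts": e["ts"],
                                   "user": e["user"], "src_ip": e["src_ip"]})
            elif e["result"] == "success":
                if not is_known_ip(e["src_ip"]):
                    alerts.append({"rule": "login_from_unexpected_ip", "ts": e["ts"],
                                   "user": e["user"], "src_ip": e["src_ip"]})
                # A success right after a burst of failures looks like a guessed password.
                if failures[e["user"]] >= FAILED_LOGIN_THRESHOLD:
                    alerts.append({"rule": "success_after_failures", "ts": e["ts"],
                                   "user": e["user"], "src_ip": e["src_ip"]})
                failures[e["user"]] = 0
        elif e["event"] == "role_assigned" and e["role"] in PRIVILEGED_ROLES:
            alerts.append({"rule": "privileged_role_assigned", "ts": e["ts"],
                           "user": e["user"], "src_ip": e["src_ip"],
                           "target": e["target"], "role": e["role"]})
    return alerts


def format_alert(a):
    """One short line per alert, the shape you would push to an SMS or chat channel."""
    extra = f" -> {a['target']} as {a['role']}" if "target" in a else ""
    return f"[{a['rule']}] {a['ts']} user={a['user']} ip={a['src_ip']}{extra}"


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(format_alert(alert))
```

On the sample above this produces four alerts, all for "bob", in the order the events occurred; in a real deployment the rules would read from your identity provider's sign-in and audit log export rather than an inline string, and the thresholds and IP ranges would be tuned to what is normal for your business.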
Step 4: RESPOND. Having run through the process of IDENTIFY, PROTECT and DETECT, you now need a plan to RESPOND. In the analogy of a house, this may involve the police, the company monitoring your alarm system, and even a cricket bat/gun (depending on your local laws), which give you avenues to RESPOND to a known threat. In the world of Cyber, what tools do you have at your disposal? An INCIDENT RESPONSE plan is a MUST: a documented set of processes to follow to contain the breach, remove the attacker's access, work out what data was accessed, and establish who to notify and what reporting obligations apply (customers, insurers, regulators). Decide in advance who has the authority to isolate a machine or cut a network link, so that decision is not being made for the first time at 4am. This will save a lot of time, money and frustration. In addition, having a great Security Provider to assist is crucial. You should also have advanced endpoint protection (backed by a 24x7 service) to address these issues in real time (even if they happen at 4am). Do you have an incident response plan? What would you do if you suspected or knew about a breach?
Step 5: RECOVER. A robust strategy is in place. You have: IDENTIFIED risks, PROTECTED assets, implemented DETECTION, and know how to RESPOND. However, what do you do when there is a successful attack or breach? You NEED to know how to RECOVER. Again with the house analogy: your home has been broken into, items have been stolen and damage has been done. The police have visited, the incident has been recorded, and now it's time to tidy up, replace items and move on. Hopefully, you'll have a reliable insurance policy to help with the costs. In the Cyber Security world, you MUST have an Incident Response Plan. This is a documented process to follow to react/respond to and recover from a security incident. It must cover: who to contact, what information to collect, how to recover systems/data, and in what order (the systems the business cannot run without come first). Without one, prepare for chaos! I've seen this happen too many times. To RECOVER, you must also have a validated backup of ALL critical data and systems, along with a robust Cyber insurance policy. "Validated" means you have actually restored from the backup and checked that what came back is complete and intact, not just that the backup job reported success; and at least one copy must be offline or immutable, because ransomware that can reach your backups will encrypt those too. I highly recommend reviewing your policy carefully to understand what it covers, and what it does not. With these steps in place, you can RECOVER from a Cyber Incident - and if you're in business, it's not IF you'll be attacked, it's WHEN. Be prepared.
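What "validated backup" means in practice, as an added example that is not part of the original post: at backup time you record a manifest (path, size, SHA-256) of everything that was backed up, and at restore-test time you rebuild the same manifest from the restored copy and compare. The file tree, file contents and the simulated corruption below are all constructed for the illustration; the functions take any directory.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map of relative path -> {sha256, size} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p),
                "size": p.stat().st_size,
            }
    return manifest


def verify_restore(root, manifest):
    """Compare a restored tree against the manifest recorded at backup time."""
    restored = build_manifest(root)
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    changed = sorted(k for k in manifest
                     if k in restored and restored[k]["sha256"] != manifest[k]["sha256"])
    return {"ok": not (missing or extra or changed),
            "missing": missing, "changed": changed, "extra": extra}


def demo():
    """Constructed scenario: a tiny 'critical data' tree is backed up and restored twice,
    once cleanly and once with a corrupted file and a missing file, to show both outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "db").mkdir(parents=True)
        (live / "db" / "customers.csv").write_text("id,name\n1,Alice\n2,Bob\n")
        (live / "config.ini").write_text("[app]\nmode=prod\n")

        manifest = build_manifest(live)  # store this alongside the backup, not only on the live system
        backup = Path(tmp) / "backup"
        shutil.copytree(live, backup)

        clean = Path(tmp) / "restore_clean"
        shutil.copytree(backup, clean)

        damaged = Path(tmp) / "restore_damaged"
        shutil.copytree(backup, damaged)
        # Simulate bit-rot or ransomware encryption of one file, and one file that never came back.
        (damaged / "db" / "customers.csv").write_bytes(b"\x00" * 32)
        (damaged / "config.ini").unlink()

        return {"clean": verify_restore(clean, manifest),
                "damaged": verify_restore(damaged, manifest)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "OK" if result["ok"] else "FAILED", result)
```

Keep the manifest (or a signed copy of it) somewhere the attacker cannot alter along with the backup; a manifest that sits on the same compromised server as the data it describes proves nothing. Run the restore test on a schedule, not only after an incident.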
Need a hand improving your Cyber Security? Contact us now.