Don’t Allow Cybercrooks to Have the Last Word

The news media certainly are doing their best to frighten us. It seems that every week, there’s another article about a cyberattack somewhere in the world – and the common thread is that the attack was unexpected and the victims didn’t know what to do to avoid (or solve) the problem. Don’t let this happen to you or your organization.

  • Get educated: Do you and your employees know about the most common types of cyberattacks: malware/virus outbreak, ransomware, data breach, distributed denial of service and insider threat? Do employees know what to do if they receive a “phishing” email? Would any of these five types of cyberattacks meaningfully affect your organization’s ability to operate? There’s a wealth of helpful information out there for the layperson and IT expert alike, such as Information Week’s Dark Reading.
  • Get prepared: Avoiding a cyberattack is not always possible – so have a process in place to evaluate and respond to threats. Who are the key people on your incident response team, and how do you contact them after hours, if needed? For ease of reference, can you boil down your crisis response process into a one-page graphic? What’s the difference between an “incident” (normal response) and a “crisis” (all hands on deck), based on factors that are likely to include severity, business impact and media/social media attention? Do you have communication templates in place so you’re not attempting to write customer emails and call center scripts from scratch during an actual cybersecurity crisis?
  • Get moving: A crisis communications plan does no good if it simply sits on a shelf. It’s a best practice to conduct a crisis simulation “tabletop exercise” annually for business leaders and the incident response team – which helps you refine your plans and facilitate business continuity should an actual crisis occur.