When disaster strikes at home, you know what to do. But most executives have no clue what to do when a hacker locks down all their data and demands tens of thousands of dollars in cryptocurrency.
Affiliated has modeled our checklist and cybersecurity solutions on the government-recommended best-practices approach (the NIST Cybersecurity Framework), and we have presented this five-step security model to all our clients and prospects over the past five-plus years. Once they start adopting these measures, they begin to gain control of their IT environments.
Step 1: Identify
Before you can protect your network and data, you must better understand what you are protecting.
- What exactly are you trying to protect? Make a thorough list of your technology assets.
- What are your expectations in getting your systems back up and running and preventing a data breach?
- Determine your current level of risk with a comprehensive risk assessment.
With our once-a-year risk assessment, we help our customers with their assets and software. Next, we sit down with the leadership team and put their priorities on paper to maximize IT efficiencies and security.
Step 2: Protect
This is where most companies focus their IT efforts, but it can't be the only area of focus. In this vital step, you should be able to answer the following questions:
- How do you log in to your systems and who can log in?
- Do you have a password policy and procedure? More importantly, is everyone in your organization following it?
- Do you have current policies and procedures regarding adding antivirus software and patches?
- How does your backup work and what does it cover?
In a recent survey, one-third of companies admitted their backups were not good enough if they ever had to recover from an incident. They risk losing considerable data and productivity.
- Are you simply protecting your endpoints with antivirus software?
- Do you have a user-awareness training program?
Simply sending out a phishing email test once a quarter is not sufficient. You should implement an ongoing awareness program that trains every team member.
Step 3: Detect
People often assume burglar alarms prevent robberies. However, an alarm is more of a detection tool: it sounds, and people are notified of a potential incident. In cybersecurity, the proactive stage of detection is crucial to significantly reducing exposure and preventing data theft.
- Can you detect when your network is potentially compromised?
- How soon after this compromise do you get an alert?
Many ransomware attacks start with the hacker breaking into the system months before they lock your data and request a large payment.
Step 4: Respond
You come into the office, find your system is down, and can't access any files. Fear consumes you as you stare at a daunting message saying you won't get your customer records until you pay $25,000 — or more. What do you do?
The steps you take next could very well determine if you get your data back, how much you pay (if anything), and just how long your employees are sitting idle and unproductive.
- How do you mitigate the threat and isolate it to a single computer?
Most people simply turn off the compromised computer. That's not necessarily what you should do. Rather, keep it on and disconnect it from the network. Also, instead of scrubbing the machine, it's important to do forensics on it to prevent further damage.
- Have you documented your response plan?
- Whom do you need to call — your cyber liability insurance or the authorities?
- What is the message you want your staff to convey to customers, clients, vendors, etc.?
Step 5: Recover
In the rare case where a client endures a cyberattack, I get to call and tell them that our managed backup-solution process worked — we successfully remediated the exposure and recovered all their files. At that moment, I can feel all their worries melt away.
But if you want a happy ending to your own story, it's crucial that you have a plan in place to successfully restore and return your affected systems and devices back to normal. Questions to consider during the recovery step:
- Can the system be restored from a trusted backup?
- How soon can systems be returned to production?
- How do you ensure similar attacks will not reoccur?