Almost daily we read about the latest cyber crime. As a result I suspect many organisations believe that they are defenceless and put cyber crime to one side. Believing it will never happen to them or that there is nothing that they can do to stop it.
Most of what read about in the press are the major incidents. The huge companies with cyber crime incidents that effect hundreds of thousands if not millions of customers.
What we do not read about each day in the press are the small office fires, floods and break-ins that happy daily across the country daily. And yet no company would dream of not taking precautions to protect their office from these types of incident. The installation of good quality door locks, fire and burglar alarms is ubiquitous. Cyber crime is not an IT issues but a business issue and should be thought of in the same way that we protect our homes and offices. The 10 Steps To Cyber Security for Smaller Firm are the basic security locks for IT.
Solid defences are only part of the story. Once a cyber crime or data beach has occurred – and it will – then what happens? Do you have a business resiliency plan?
Creating a compressive plan is not a five minute job. It will take effort and consideration. Often making use of a range of people in an organisation who may have a particular understanding of one aspect of how your business operates.
I would suggest considering the following IT issues as a starting point for any business resilience plan:
Are staff able to work from home?
How will you alert or communicate with your clients?
Do you regularly test your backups?
Have you got a printed version of the business resilience plan at home?
How about your client connect information?
Do you know the name of a local plumber/electrician/IT supplier?
The more you think about the impact of a disaster the more detailed and useful the plan will become. A comprehensive plan will make any company more resilient when disaster strikes.
Equal consideration should be given to cyber crime related events:
In all these cases you almost certainly will need to a client communication plan. Always inform Action Fraud.
Being prepared for an incident will place any company in a stronger position to survive. Be that flood, fire, theft or cyber crime.
Our Cyber Security resource page is at icaew.com/cyber