Our recent Tech Essentials guide to cyber recovery has a wealth of advice and guidance on what you should do if the worst happens and you suffer a cyber-attack. This guide refers to our series of Audit Insights: Cyber Security reports, which posits that ‘you will be compromised’ and that firms need to do ‘the basics’. Below I outline the guidance included in the Tech Essentials guide.
Where to start
Interestingly, the guide suggests that education is a vital component of preparations to resist, respond to and recover from cyber incidents. People must be aware of potential threats and how to respond. It suggests firms should raise cyber-awareness, share real-life examples (the guide is full of them) and provide practical support to employees.
The guide outlines five steps that will lead to a successful response to, and recovery from, adverse cyber incidents:
1. Stay informed
Make every individual in your organisation cyber security aware. Educate them on how to recognise and respond to the main threats.
2. Do the basics
Implement basic technical controls including securing internet connections, devices and software, controlling access to data, systems and services, and protecting against common cyber threats.
3. Plan for the worst
Identify critical assets and cyber threats, develop plans to resist, respond and recover and integrate them into business continuity plans.
4. Practise and review
Test and review the effectiveness of cyber incident response/business continuity plans at least once a year. Even a desktop run-through can highlight strengths and weaknesses.
5. Lead from the top
Put cyber security, resilience and recovery on the agenda at the highest level of your organisation. Ensure that owners/the board/directors/partners/managers understand threats and risks.
The importance of stories
The guide includes a number of case studies from firms, some of whom are very candid in describing what went wrong and what they learnt in the hope readers will benefit from their experiences.
Glossary and other resources
The guide includes a glossary and references other material from ICAEW and the NCSC available to members.
The Tech Faculty has worked with other colleagues in ICAEW and has created a step-by-step guide, freely available to all ICAEW members, that provides a detailed cyber-attack response plan. The suggested actions are categorised by immediate actions following a cyber-attack, within 24 hours, next day, before incident closure, and follow-up and lessons learned. Steps are very clear, concise and action-oriented.
The Audit Insights: Cyber Security guides are available to anyone on our thought leadership pages.
The full Tech Essentials guide to cyber recovery is available to Tech Faculty members as part of their annual membership. You can read more about the faculty at our online joining page.