2020 has been full of challenges for everyone. And on top of everything else, we have seen cybercriminals taking advantage of the chaos and increasing their efforts. Unfortunately for all of us, they have become increasingly successful as well. For the past several months we have focused on ways to increase our security and awareness in order to prevent a compromise. But what about when the inevitable occurs and the bad guys break through those measures?
Having a plan can help save the day! Not only does it serve as a road map to help you navigate a very stressful event, but it can also save you a lot of money in the process. IBM Security’s 2020 Cost of a Data Breach Report showed that having and testing an Incident Response plan reduced the average cost of a breach by nearly $300,000! A similar result was obtained for having and testing a business continuity plan. Taking the time now to think about – and document! – what you would do in the event of a breach or disruption will save you a lot of time, money, and stress later.
It can be overwhelming to try to put these together all at once. So don’t! Start out small and simple. Then add on over time as you refine your processes and procedures. The important thing is to get started. And once you have the policies in place that document your business functions and how you would respond to an incident or a business interruption, take a look at the regulations from other industries to see if there are other areas you may want to document. A good resource may be the New York Department of Financial Services Cybersecurity Regulation.
But isn’t there just a quick form out there I can use?
Well, sort of. There are forms available – and we have examples in our Practice Guides – but there is a catch. Since these policies and plans are a roadmap for what you will do in the event of a breach, it is critical that they are customized for the technology, risks, operations, and people within your organization. You can make them even more effective by specifically addressing common scenarios such as a successful phishing email, a business email compromise scam, a ransomware attack on your systems, or a denial of service attack on your website. Imagine how much easier it will be to respond to an incident if you only have to open to that page in your playbook and follow the steps!
Once you have these plans in place, the work does not stop there. Just as we practice fire drills so we know what to do if a fire occurs and can identify weaknesses in those plans, you should test your security-related policies and plans annually. Through this testing you will likely find areas that can be improved, and you can ensure the plans are kept up to date with any changes in technology, employees, vendors, etc. You may even consider hiring a company to test your procedures and safeguards by trying to break into your network. These vulnerability assessments and penetration tests can serve as a checklist of areas that may need attention.
With these preparations, along with the measures you already have in place to reduce the risk of an incident occurring, you will be well on your way to detecting and stopping an attack and then getting back on your feet quickly afterwards. And that is something to be thankful for!
About the Author
Patrick is the Vice President of Enterprise and Operational Risk Management at Lawyers Mutual as well as filling the roles of Corporate Secretary and Director of Information Security. He is an NCSB board certified specialist in Privacy & Information Security Law and has been designated a Fellow of Information Privacy and a Privacy Law Specialist by the IAPP. He is always happy to talk about his collection of tinfoil hats or to discuss risk management advice and resources that you may find helpful - you may reach him at 800.662.8843 or firstname.lastname@example.org.