Monthly Archives: January 2022

Be Prepared with an Incident Response Plan

It’s said often that the matter of experiencing a cyberattack is “when,” not “if.” How can your company begin to prepare itself for something that can adversely affect it? According to CompTIA’s article, an Incident Response Plan (IRP), can help you think ahead and have a plan in place when an incident occurs. Read on to learn more about preparing and protecting your company from current and future threats.


Incident Response Plans Defined


An Incident Response Plan is what it sounds like, having a plan to respond to a cyber attack incident and mitigate the damage. An effective plan is a “combination of people, process and technology that is documented, tested and trained toward in the event of a security breach.” The purpose of it is to mitigate damage (data and money loss) and restore operations. The National Institute of Standards in Technology (NIST) sets forth a few models for your plan, whether it will be handled by a central Cyber Security Incident Response Team (CSIRT), distributed among multiple response teams for locations or departments, or one in which a central body relays response plans to affected teams. While plans contain four phases, the first one of preparation can help prevent a lot of damage.


Steps in the Incident Response Plan 


Does everyone in your company know what to do first when a cyber attack hits? Do they know whether to power off their computers, and how soon they can resume work? What will managers do? Does your marketing team know who to communicate with, and when? These are just a few of the questions to address when considering your plan. Often the first step is mitigation, and your staff should know what to do. Whether you need to report data loss or remediate ransomware it is imported to be prepared


Crisis Communications


Communicating about the incident is another aspect of the plan; determining when to communicate, who will communicate and how to communicate should be considered in advance for likely scenarios. Having communications templates at hand may shorten the response time and ensure your message is on point. Knowing who is responsible for communications can free up valuable technical resources that may be focused on remediation vs. response.


Practicing Your Plan


If experience is the best teacher, how does a company gain experience short of a cyber attack? With “wargaming,” the incident response team can take employees through all stages of the response plan by staging a mock attack–a ransomware attack, for example. To start with, everyone should know what to do first when facing a threat. An important part of this testing is analyzing your company’s response, what went right and what needs improvement. 


Having a well drafted, tested plan in place goes far toward mitigating the damage from a cyber attack. For assistance in developing your plan, contact us today.

Employees a Key Part of Your Cybersecurity Plan

It is commonly said that employees are the “weak link” in your company’s cybersecurity plan. What if this was different, and they are actually a strong defense against cyberattacks? Read on to learn how to help your workers recognize and prevent a cyberattack, and to become security advocates for your company. 


Training Starts but Doesn’t End at Onboarding


Training is common when onboarding new employees, but it should also be consistent and frequent. Employees should know how to recognize a phishing email, a common way that malware can enter your computer network. Bad actors send emails that appear to be legitimate, in order to obtain confidential information. Keys to a phishing email are an urgent and emotional call-to-action, unknown senders, and grammar and spelling errors. Not only do your workers need to recognize suspicious activity, but how to report and even escalate the matter. Workers also need to remember best practices for password management. All cybersecurity training needs to be frequent and consistent in order to reinforce the lessons and practices learned and make them automatic. Thus your employees can become “minimal risk,” possessing a sense of safe and unsafe behaviors and knowing what to do when something happens. With employees working remote, online cybersecurity options provide an economical and efficient way to train on this topic. Many online training platforms offer phishing simulation to ensure learning objectives are achieved. 


Best Practices in Password Management


Let’s talk about passwords. Do your employees know what makes a good password? According to Google, a strong password can help safeguard your account, personal information and content like email and other applications. Best practices for strong passwords include choosing a unique, never-before-used combination of upper- and lower-case letters, numbers and symbols. Passwords should be safeguarded, not shared with anyone else, and managed, perhaps using a password tool. Passwords need to be changed regularly, every three months. The same interval is good for system login and applications like email marketing and customer relationship management.


Keeping your network and its data and applications safe from attack is a company-wide effort. Trained well, your employees can become your best defense, rather than a weak link. For further assistance, contact us today.