There is no one-size-fits-all, quick and permanent fix when it comes to keeping your business or your personal life safe and secure from cyber threats. For businesses, it’s key to ensure that you are as resilient as possible in the face of a potential cyber-attack or data breach. Embedding the right practices and culture within your organisation is a key element of cyber resilience.

In her speech at Chatham House on 11th October 2021, the CEO of the National Cyber Security Centre said: “And therefore absolutely central to the UK’s response to these threats is resilience”. She was highlighting that the greatest cyber threat the UK public and businesses face is from organised criminals, and that being prepared when attacks occur is central to defending our lives and businesses.

Resilience is about being prepared for security problems by developing an Incident Response Plan (IRP), along with the associated processes and technical capabilities. Incident Response Planning is an organised approach to preparing for, detecting, containing and managing a security breach or cyberattack. Your IRP is there to minimise damage, protect your data and systems, and ensure your business recovers from the incident as quickly as possible. Having an IRP in place means that you will have a pre-determined way to respond proactively and quickly, making clear decisions based on the information your business needs.

For smaller businesses, having a full IRP and a team supporting it may not be necessary or possible. In that case, it would be more appropriate to have a simpler checklist that the decision makers managing the incident can work through quickly to get the business back to where it needs to be.

In either case, it is important that you or the staff within the business responsible for incident management know who to contact in the event of a security incident or data breach.

Alongside being as resilient as possible, it is important to focus on prevention. Focusing on prevention isn’t a guarantee that you will be able to fully prevent any attack, or the impact it will have when it hits your business, though. This is about investing in the areas that will build on your resilient foundations on an ongoing basis. Investing time and budget in training and education, and ensuring ongoing conversations around your organisation, will add a layer of protection that would otherwise diminish over time.

There is a lot of valuable information available to guide you through the best approach for your organisation. In their 10 Steps to Cyber Security, the National Cyber Security Centre has a great overview of Incident Management. You could also take a look at what support is available from the Cyber Resilience Centres; we work closely with The Cyber Resilience Centre for the East Midlands and the Eastern Cyber Resilience Centre.

Of course, we also have a lot to offer, such as our Incident Response Planning Workshops and some insightful articles to get you up to speed.