Resolve to Be Ready: 5 Ideas to Jump-Start Your IT Preparedness Plan

New year, new threats. Is your organization protected against a cyberattack?

What is 'Resolve, To Be Ready?'

Every January, Ready.gov offers practical emergency preparedness tips for individuals, families, and organizations. Some tips are effective preventative measures, while others help develop a disaster recovery plan in case of a natural disaster, accidental emergency, or cyberattack. The first step to “being ready” is staying informed about the different types of emergencies and their appropriate responses.

Municipalities, water districts, utilities, and other special districts have an added priority to protect their citizens, maintain public services, and secure cities. Cybersecurity is an integral part of every organization’s security and disaster recovery plan.

We are encouraging all in our community to look at 3 ways to Resolve to Be Ready in 2022:


1. Review and Update your Cybersecurity Policies & Standards

One of the best points Cyberstone Security CEO Joe Yetto mentioned in our December 2021 Cybersecurity was that employees are often more aware of their organization’s dress code than its cybersecurity policy. For example, policies and standards define requirements and set the tone for the office. While employees know not to wear a T-shirt to a customer-facing meeting, they may walk away from their workstation without locking it down.

How well do your employees know your cybersecurity policies and standards? When was the last time policies and standards were reviewed and updated? 

Employees, more often than not, are the weakest link in your organizational security. For this reason, consistently educating your team on good cyber hygiene, safe internet browsing, and avoiding phishing attacks can be as important as educating them on workplace dress code or their job responsibilities.

2. Ensure you Meet Requirements of your Cybersecurity Insurance Policy

Businesses can purchase cyber liability insurance to help reduce the financial risks from doing business online. An article from TechTarget covered the basics of cyber liability insurance and why it is so critical:

"In 2011, Sony's PlayStation Network was breached by hackers, exposing personally identifiable information (PII) of 77 million PlayStation user accounts. The breach prevented users of PlayStation consoles from accessing the service, an outage that lasted for 23 days. Sony incurred over $171 million in costs related to the breach. Portions of this cost could have been covered by a cyber insurance policy, but Sony did not have one in place. A court case ruled that Sony's insurance policy covered damage to physical property only, leaving Sony to incur the full amount of costs related to cyber damages." 

In 2021, cybercriminals attacked a new organization every 11 seconds at an annual cost to the global economy of $6 trillion. Small businesses are not exempt. Cyber liability insurance can offer financial protection in the event your business’s non-tangible assets, like data, are breached or stolen, and lessen the exponential costs of the damage. However, many cybersecurity insurance policies require specific security tasks such as daily antivirus updates, daily offsite backups, regular disaster recovery tests, encryption, patch management, and intrusion prevention and detection.

3. DRaaS (Disaster Recovery as a Service)

Most Californians feel earthquakes are our number one threat of natural disasters. Each year in October, California conducts The Great Shakeout to prepare Californians for an unpredictable disaster. We create and test processes and practice for before, during, and after the event. 

However, in 2020, local governments and utilities paid over $18 billion in recovery costs from ransomware attacks. A cyberattack can result in stolen data, encrypted systems, and costly downtime. Organizations need to create processes and practice for before, during, and after a cyberattack. Backup is not enough. Organizations need to overcome the misconceptions of data backup and data recovery to be protected, prepared, and ready in case of an unpredictable attack.


Two ways to Resolve to Be Ready for recovery from a disaster:

  1. Define your RPO (recovery point objective) and RTO (recovery time objective) for each critical application/data set in your organization. An RPO (e.g., 24 hours) defines the last time a successful snapshot of such critical applications was performed and sent to a secure location. An RTO (e.g., 48 hours) defines the amount of time it would take to recover these applications to the latest version. Defining RPOs and RTOs ensures that all stakeholders clearly understand your recovery objectives, and provides a definitive way to measure these objectives.

  2. Ensure your DR Runbook is up to date and tested. Your DR Runbook goes hand in hand with your DRaaS plan and provides your organization with clear procedures for recovering from a disaster. At the very least, you should create and/or update your DR Runbook when you:
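To make the RPO and RTO from item 1 measurable, the following added example (not part of the original article or any AllConnected tooling) compares each application's objectives against its newest offsite snapshot and its last tested restore. The application names, objectives, and evidence records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
NOW = datetime(2022, 1, 10, 12, 0, tzinfo=UTC)  # constructed "current time"

# Constructed objectives per critical application (hypothetical names and values).
OBJECTIVES = {
    "billing-db":      {"rpo": timedelta(hours=24), "rto": timedelta(hours=48)},
    "scada-historian": {"rpo": timedelta(hours=4),  "rto": timedelta(hours=8)},
    "file-share":      {"rpo": timedelta(hours=24), "rto": timedelta(hours=48)},
}

# Constructed evidence: newest successful snapshot that reached the offsite
# location, and how long the last tested restore took (None = never tested).
EVIDENCE = {
    "billing-db":      {"snapshot": datetime(2022, 1, 10, 2, 0, tzinfo=UTC),
                        "restore_test": timedelta(hours=30)},
    "scada-historian": {"snapshot": datetime(2022, 1, 9, 20, 0, tzinfo=UTC),
                        "restore_test": timedelta(hours=6)},
    "file-share":      {"snapshot": datetime(2022, 1, 10, 1, 0, tzinfo=UTC),
                        "restore_test": None},
}

def check_objectives(objectives, evidence, now):
    """Return {app: [issues]}; an empty list means both objectives are met."""
    findings = {}
    for app, obj in objectives.items():
        ev = evidence.get(app, {})
        issues = []
        snap = ev.get("snapshot")
        if snap is None:
            issues.append("RPO: no successful offsite snapshot on record")
        elif now - snap > obj["rpo"]:
            issues.append(f"RPO: newest snapshot is {now - snap} old, "
                          f"objective is {obj['rpo']}")
        restore = ev.get("restore_test")
        if restore is None:
            # An untested restore means the RTO is a guess, not a measurement.
            issues.append("RTO: restore never tested, objective unverified")
        elif restore > obj["rto"]:
            issues.append(f"RTO: last tested restore took {restore}, "
                          f"objective is {obj['rto']}")
        findings[app] = issues
    return findings

if __name__ == "__main__":
    for app, issues in check_objectives(OBJECTIVES, EVIDENCE, NOW).items():
        print(app, "OK" if not issues else issues)
```

An application with no evidence record at all is reported as failing both objectives, which is the safe default for a system that was never enrolled in backup.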

Need Assistance in your Resolve to Be Ready?

AllConnected can help! Finding a managed service provider (MSP) that fits your organization’s needs is crucial for meeting both your industry’s requirements and company budget. AllConnected offers programs and managed services to ensure your IT infrastructure is properly protected, supported, and recoverable. We can also aid organizations in achieving regulatory compliance and meeting NIST 800-171 based standards, while fully managing your network. We do our best to prove our services’ efficacy so you can manage your team and responsibilities without concerns around your cybersecurity.

Many of our services are based on the NIST 800-171 Cybersecurity Framework, which consists of standards, guidelines, and practices that can reduce your cyber risk and ensure your IT infrastructure is resilient and available.
