October is Cybersecurity Awareness Month, but it’s about more than just awareness. It’s important that your organization is prepared for the inevitability of facing cyberthreats.
Sun Tzu had a saying that goes something like this: “The person who wins the battle makes many calculations before the battle is fought. The person who loses makes but few calculations beforehand.” This month, let’s focus on not only being aware of threats that can affect our business continuity, but also on being ready to take action when an incident occurs—because in today’s business world, it’s not a question of if you might incur an incident, but rather when it does occur, what steps will you take to mitigate the loss as much as possible? Have you considered regulations and compliance measures to mitigate the loss of business revenue, reputation, and survival?
Let’s start by determining if your company has a risk strategy program in place to secure and keep private your most critical assets:
- Does the plan include policies and measures that align with company expectations?
- Do protocols and procedures exist to ensure that client data is being handled properly?
- Are data security, confidentiality, integrity, and availability (to authorized personnel) controls in place to mitigate threats that could be exploited?
Having a proper risk management program (RMP) allows companies to focus on critical assets that affect the business continuity of an entity. It provides insight into what programs (business continuity, disaster recovery, and incident response) should be created, communicated, and practiced to minimize disruption from a breach.
Emerging technologies have increased the threat vectors now being felt in many industries. One prime instance is cloud computing and the efficiencies and advantages it provides companies within data housing, application creation, and testing capabilities, to name a few. When working on a risk management program, keep in mind that the cloud is an extension of your network. The same principles in safe-proofing your data should be considered. Compliance measures greatly expand when going out to the cloud:
- Where is the data housed?
- What privacy practices are being followed by your cloud service provider and its partners?
- What’s your responsibility?
- Is there a disaster recovery plan in place, and how do you know your cloud data recovery will be in line with your expectations?
All these questions should be a part of an overall RMP. Regulatory bodies will be the first to approach you when a breach occurs and will want to know that private data (wherever it may be) has not been compromised. Know your risks.
At ConvergeOne, we have been helping many clients across all industries to prepare, create, and maintain RMPs. Knowing what is needed to protect—and where it is located—is key to furthering a sound security program and risk posture.
Every week this month, we will be showcasing the main plans that should be part of every RMP:
- Business Continuity Plan (BCP)
- Disaster Recovery Plan (DRP)
- Incident Response Plan (IRP)
All three are part of our Cybersecurity Awareness (and Preparedness) Month motto: When you fail to plan, plan to fail.
[Security Magazine Webinar]
The Rise of Double and Triple Extortions
THURSDAY, OCTOBER 28TH | 11:00 A.M. ET
Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight. In the last 12 months, we’ve observed successful attacks on our US water supply, a $50M ransom demand on a global manufacturer, and an alarming increase in healthcare and K-12 education ransomware attacks aimed at limiting patient care and student learning.
In this webinar, we will review the following items:
- How to Prevent, Detect, and Recover from Ransomware
- Post-COVID Ransomware Landscape
- Anatomy of a Ransomware Attack
- Best Practice Strategies to Leverage Immediately