When it comes to a cyber attack, many businesses know how they’ll react to the breach after it occurs. However, not many businesses think about what they’ll do before a hack. Preparing for a hack takes just as much work as rebuilding from one.
The Department of Justice has released version 2.0 of its “Best Practices for Victim Response and Reporting of Cyber Incidents.” This 25-page report outlines all a business should know when it comes to the moments before, during, and after a cyber breach.
We’re breaking that report down into a series of blog posts so you have the information you need to keep your business, your data, and your customers safe.
When it comes to what a business should do before a hack, the steps can be summed up by three short words: education, communication, and planning.
Any group that makes decisions for your business, from managers to trustees, should be made aware of just how damaging a data breach can be. A breach doesn’t shut down your business for just a few minutes. It shuts it down for days, weeks, or maybe even months.
Only when senior management is aware of the dangers can decisive action be taken to prepare for and prevent a hack. Keep senior management informed through briefings, risk management strategies, and even simulated data breach scenarios and exercises.
Prioritize Your Efforts
The Department of Justice calls this step “identifying your crown jewels.” Decide what’s most important to your business and its technology. For some businesses, that may be emails. For businesses in the medical field, it may be patient records. For others, it may be intellectual property or data processing software.
Which of your services and data deserve the greatest protection? What can’t your business survive without? Whatever your business decides, that’s where most of your efforts should be directed.
Build an “Actionable” Plan
Your business should not be crafting a plan after a hack occurs. It should be doing it before. How will the incident be contained? How will vital information and evidence be collected?
Other questions your plan should answer:
- Who will make decisions?
- How will you contact critical personnel?
- Will you obtain incident response assistance?
- How will you restore backup data?
- When will you notify law enforcement?
Make sure this plan is up to date. Establish concrete goals and set timelines. Print out a physical copy of the plan as well, so it’s available should all of your systems crash.
Engage with Law Enforcement
Reach out to the local branches of federal law enforcement agencies like the FBI and Secret Service. Give law enforcement an inside glimpse of your business. Tell them what you do. Talk to them about your biggest concerns. Find a point of contact. When you establish a relationship early, it will be easier for you to get in touch with federal law enforcement should disaster strike later.
Put Procedures in Place
The final step your business should take in preparing for a cyber incident is to put company-wide “commonsense cybersecurity practices” in place.
Make patches, or software updates, a regular part of your IT department’s task list. Limit the availability of data by enforcing access controls and network segmentation. Require passwords and multi-factor authentication. Install a firewall.
Finally, ensure logging is available on all devices so that, should a hack occur, logs of device activity are on hand for you and investigators.