It won’t happen to me… 12 steps to ensure you are a resilient organisation.

It won’t happen to me… 12 steps to ensure you are a resilient organisation.

28th February 2020

Stop fighting fires and get prepared.

Everyone thinks they are invincible. Everyone thinks it will never happen to them. Everyone thinks that no one would ever be interested in what they have.

That is what the criminals count on. They rely on the fact that humans innately trustthat everything will be fine. It isn't until something bad happens that we realise just how vulnerable we are.

Cyber crime and data security incidents will affect every business at some point. TheDepartment for Digital, Culture, Media & Sport carried out a survey in 2019 which found that:

  • A third of all businesses had identified a breach or attack in the last year.
  • 80% of businesses had reported phishing attacks.
  • ¾ of business now see cyber security as a high priority.
  • Yet, less than 30% of businesses had provided any cyber security training.
  • Only a third of those surveyed had carried out a cyber risk assessment in the last 12 months.

Reference: CSBS_2019_Infographics_-_General_Findings.pdf

Even if you believe that you have put thorough and robust defences in place, there is always the chance that someone will get through and you may have an incident to deal with. It is therefore also essential that you consider what you would do to keep your business going should the worst occur. Business continuity is the process of planning a strategy to ensure your longevity should you find yourselves dealing with a difficult event.

Here are some top tips to keep your business succeeding should the worst happen:

1) Ensure you have regular backups of your organisation’s data.

2) Keep your data backups off-site.

3) Ensure that backup are tested every month to ensure they are working correctly and that they have not become corrupted.

4) Protect your backups up appropriately – this could include a locked safe or encryption for example.

5) Have a documented plan for what will happen should there be any downtime of your systems.

6) Make sure key members of staff are prepared with their roles and responsibilities.

7) Make sure there is a clear process and communication chain for staff to report any incidents.

8) Make sure any security concerns are fully investigated.

9) Report any incidents to the appropriate bodies i.e. the ICO for a data breach,Action Fraud for serious phishing cases for example.

10) Keep a record of any incidents and the mitigation steps you took, in order to learn from it and work to ensure it doesn’t happen again.

11) Review your plans and procedures at least once a year – business environments change regularly and you need to stay up to date.

12) Test your disaster recovery plans at least once a year to ensure they would work – This could be a simple table-top exercise or role-play situation for management staff.

If business continuity and disaster recover is a concern for you, don’t forget to check out our services pages on this to see what we can do to help you.

Written by Emma Davis - Head of Testing & Training