Cyber incidents: a best practice checklist
Quantifying how well your security is protecting you and putting solid strategies in place to respond effectively in times of crisis have never been more important.
Attackers are constantly finding new ways to obtain sensitive data and access to critical systems, so being prepared to protect against, detect, respond to, and recover from cyber hacks is imperative.
The growth of remote working and the rapid shift to cloud have only exacerbated the problem, making the attack surface larger than ever. To have the best chance of protecting your sensitive data and systems, you need to work through how you effectively prepare for and react to these threats. Here’s our list of best practice tips from experts in our Security Advisory Services.
1. Identify the critical and sensitive systems, people, assets, data, and capabilities within your business and across your supply chain.
- Start by confirming organisational security roles and responsibilities are up-to-date.
- Check equipment inventories are maintained, and ownership details are correct.
- Review your existing security risk assessments and decide if these are satisfactory to deal with possible new attacks.
- Consider the security of web and cloud-based applications internally and across your supply chain.
2. Develop and implement appropriate safeguards to ensure delivery of critical services.
- Ensure all staff security training is up-to-date and that users cannot access IT systems when access is no longer required.
- Confirm suppliers are fulfilling their contractual security obligations.
3. Detect when, where and how a cybersecurity event is occurring
- Make sure you have sufficient physical security measures in place to detect compromise of infrastructure.
- Check you have the correct network security controls in place; consider access control, identification, authorisation, and authentication.
- Operationally ensure both patching and antivirus software are up-to-date and are feeding incidents to a monitored platform.
4. Plan how to respond in the event of a cybersecurity incident
- Test your incident management procedures and business continuity plans, to make sure they are current and have been reviewed recently.
- Check you have communication plans in place with stakeholders, government agencies and external stakeholders where necessary.
- Deploy mitigation procedures to limit the effect and disruption of cybersecurity incidents.
5. Define how you would go about recovering from a cybersecurity incident
- Make sure backups are recorded and tested to give your organisation the best chance of a quick return to operations.
- Maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Identifying, quantifying, and mitigating the risks across your organisation can be challenging. Our Security Advisory Services are here to help you at any stage in your cybersecurity incident response journey. We can use tooling such as SAFE Security to quantify risk, complete a Security Health Check to give your organisation a starting benchmark, or undertake Red Teaming exercises to put your defences to the test.
For more information get in touch with an expert.