At the August CEOtoCEO breakfast, Tom Gobeille of National Computing Architects and two members of the FBI cyber task force asked business owners one important question: “Does your business know what to do in response to a cyber attack?” Cyber attacks on businesses of any size are growing in quantity as well as in scope. It’s not just large companies with massive amounts of data who are targeted. It’s also small businesses, individuals, even entire nations. And the consequences of an attack aren’t as simple as many might think. Aside from the headache, there is massive financial loss that too often accompanies a cyber breach, stemming from loss of business, intellectual property theft, mitigation service expenses, and business disruption.
So what can you do to protect your business?
Gobeille and the FBI agents offered some key insights, providing an overview of the past, present, and future states of cybersecurity, as well as what measures you can take to keep your business and customers safe in the rapidly changing cyber landscape. Chief among those measures is an Incident Response Plan (IRP). Like a fire drill, an IRP can be simple. It includes the action steps to be taken and allocates responsibilities in the moments during or following an attack. Strong and organized leadership in these moments demonstrates to all employees and everyone involved in the IRP that there is a plan in place to handle these types of events.
The main concerns that need to be addressed when forming an IRP are:
An IRP is just like a fire evacuation procedure. A regular, monthly cyber drill that engages your employees and teaches them the appropriate response is the only way to give your employees the confidence to follow the plan. In addition, the panel of speakers offered some basic “Do’s and Don’ts” in responding to an attack. For example:
Their most imperative word of advice, however, is even simpler. Business owners cannot ignore this threat and need to learn the risks and consequences of a cyber attack. The IRP will help companies ask the right questions and be prepared to protect their business. The buck cannot be passed to a CTO or an IT department. Rather, cybersecurity, like many other parts of any business, affects everyone in the workplace from the executive suite down. For additional reading, the FBI agents provided the following resources:
REPORTING A FEDERAL CRIME: