I wonder if you happened to catch the 60 Minutes interview on Easter Sunday called “Shields Up,” or the interview last night with the FBI director, Christopher Wray. Both were great interviews and highlighted the importance of cybersecurity and the possibility of Russian and China-based cyberattacks.
These countries love cyberattacks on American-based companies because most companies still believe that no one is looking to harm them. Traditionally, no one wants to invest in solutions to problems they feel won’t affect them. I can tell you that it’s not a matter of “if” you will be attacked. It is a matter of “when,” and it will happen. Working with a fractional CIO before an attack can save you a lot of money in the long run.
I know you are skeptical, and you probably should be. Let’s talk about that. You should probably be looking to purchase cyber insurance at this time. However, the cyber insurance company will want to mitigate its risk by making sure you have a minimum level of security in place.
The first part of any solution is pre-planning. Inventory everything and be complete. Make sure everything is on your list. If you use an automated tool to do the inventory, verify the results by doing a walkthrough of the company. I have seen clients surprised to find equipment they had owned for years that they didn’t know was there and had never used, and they couldn’t even remember when or why they bought the hardware.
Update all equipment with the latest security patches, including ALL devices attached to the network, such as printers, computers, laptops, servers, routers, switches, and firewalls.
Next, identify all the stakeholders. Every department needs representation and a say in which areas are recovered, in what order, and how quickly. The plan needs to be well documented, put together in a playbook, and disseminated so that everyone knows their role and exactly what needs to happen when there is an issue. Remember that technicians will always leave out steps because they “assume” those steps are common knowledge and will not be forgotten. Assume nothing.
The goal of the playbook is to have a replicable process. What do I mean by that? Once you have a written playbook, test it. Follow the procedures to ensure no steps are missing, and transcribe any changes into the plan. You should have several “paper” runs, where you test the playbook on paper with all the stakeholders, and then have at least one scheduled test each year to make sure you can recover when needed. Most companies will schedule a test run but always find an excuse not to perform it, and then wonder why the plan doesn’t work when needed.
Remember I said a fractional CIO could help save you money? A technical person like the CIO will know which steps are missing and whether or not the playbook steps are granular enough to be successful. Also, how long can your company continue to run without its technical infrastructure? A day, a week, a month? Knowing this can help set your priorities.
At JAYCO CIO Services, we can help manage your technical teams and put together a plan to help you when you get attacked. We offer fractional CIO services and can protect you by helping find the right vendors for Cyber Insurance, Cybersecurity Penetration Testing, and managed service providers.
Not sure you are ready for a CIO? We have an assessment that we can do with you to point out areas of concern. Remember, cyberattacks are not going away. They will only get worse and more frequent. Don’t get caught off guard.