The Cybersecurity Unit of the Department of Justice (DOJ) recently released an outline of cybersecurity best practices. The document discusses what to do before and after a cyber-incident. The DOJ advises you to take specific steps before a cyber-intrusion or attack occurs. Your IT company can help you implement these steps, protecting your business and minimizing both the risk of a breach and the damage from one. As the document states, “such pre-planning can help victim organizations limit damage to their computer networks, minimize work stoppages, and maximize the ability of law enforcement to locate and apprehend perpetrators.”
The following is the list of headings from part 1 (pre-attack) – with abbreviated descriptions and our comments.
A. Identify Your “Crown Jewels”
The first thing on the list is to identify the data, assets, and services that warrant the most protection from hackers – in other words, the things that would cause your company the most harm if they were compromised or unavailable. For every company this is different. It might be the ability to communicate by email, or specific intellectual property, or customer information. Your IT Company can help you identify these things and work with you to protect them through endpoint protections, redundancy, and a comprehensive backup plan.
B. Have an Actionable Plan in Place Before an Intrusion Occurs
A plan needs to be in place before any incident – and it must list specific steps to take – so that your company can respond quickly if an incident occurs. Every minute counts. The plan needs to address who is responsible for each element of the company’s response, contact information for critical personnel and organizations, what needs to be prioritized for protection, how to protect that data, and how to determine whom to notify and when. A plan to prepare for a cyber-attack needs to be part of the Business Continuity Plan that you should have in place detailing how you will respond to any type of disaster. It would be in your best interest to do a security assessment that lists each type of disaster that might possibly befall your company and how to respond to each.
C. Have Appropriate Technology and Services in Place Before An Intrusion Occurs
Here’s the IT part of the DOJ’s outline. Your business should have technology services in place, or ready to access, that you will need to respond to a cyber-incident. This might include “off-site data back-up, intrusion detection capabilities, data loss prevention technologies, and devices for traffic filtering or scrubbing.” Your servers should be “configured to conduct the logging necessary to identify a network security incident and to perform routine back-ups of important information.” Your back-up system must back up not only your data, but also your applications and operating system, to speed recovery time. It must be able to store images of the computer systems at different points in time to assist in identifying any changes to the network. It needs to be able to restore data from a specific point in time, and even to restore specific documents.
D. Have Appropriate Authorization in Place to Permit Network Monitoring
Your company needs to monitor its network users and their communications in order to detect and respond to a cyber-incident. Legally, you must first obtain consent from your users and notify them that such monitoring may be disclosed to others including law enforcement. Consent can be obtained through computer user agreements, workplace policies, personnel training and network banners. Your IT company can advise you as to the best method of obtaining consent for your business.
E. Ensure Your Legal Counsel is Familiar with Technology and Cyber Incident Management to Reduce Response Time During an Incident
Your company will undoubtedly have legal questions about cyber-incidents. Make sure your legal counsel, either on staff or retained outside counsel, is knowledgeable about technology and laws regarding computer fraud, electronic surveillance, communications privacy, and breach response.
F. Ensure Organization Policies Align with Your Cyber Incident Response Plan
Your company’s policies can help to prevent a cyber-incident from happening at all. Revoking network credentials of terminated employees (so that they can no longer access the network) and using access controls (to limit who has access to what) can minimize the risk of “insider threats” – malicious activities on the part of your employees. Mandatory security training can also minimize the risk of human error introducing a cyber-attack.
G. Engage with Law Enforcement Before an Incident
It is helpful to establish a relationship with the Federal Bureau of Investigation (FBI) and U.S. Secret Service so that you have a point-of-contact in the event that you need to enlist their assistance.
H. Establish Relationships with Cyber Information Sharing Organizations
“Access to information about new or commonly exploited vulnerabilities can assist an organization prioritize its security measures.” The government has established information sharing organizations for “every sector of the critical infrastructure,” and for those that do not fit within this infrastructure, to produce analysis of cyber threat information. This information is shared within the sector, with other sectors, and with the government.
Even after taking appropriate precautions, it is still possible for an organization to become a victim of a cyber-intrusion or attack. Your incident response plan should also give consideration to how to execute the plan during an incident and what to do following the incident. Read about these steps in the DOJ document.
In order to reduce response time and minimize damage, your company needs to be prepared before it is faced with a cyber-incident. If you do not already have a cyber-incident plan, Big Idea Technology can help you get started with the above steps to prepare for a cyber-incident and put the technology in place to protect your company. When we work with you, we will also discuss the role we would take in responding to a cyber-incident at your company. When it comes to protecting your business from hackers, the best defense is a good offense.