With all the recent cyber-attacks making front page news, you're probably wondering how you'd deal with a similar breach at your company. While there are many articles and blog posts about the latest and greatest technologies that can help you detect and prevent cyber-attacks, there are also many practical steps you need to put in place. In honor of Cyber Security Awareness month, here are 10 best practices to help you prepare for, or quickly address, a cyber-attack.
- Build an Incident Response Team: Do you have a designated IR team ready to handle the critical alerts as soon as they are identified? Is someone playing point as an incident manager? Having the operational hierarchy in place with assigned roles will allow your organization to move quickly in the event of an attack.
- Perform Code Red Drills: Have you recently performed a code red team drill to test your response to an attack? If not, do one now (and do them regularly). These drills will help identify weak links in your processes and where you need to make improvements.
- Know How to Act: During a breach or an attack does your technical team know how to respond? Are there proper procedures in place to handle specific types of attacks? Which team should you call or escalate an issue to if needed? Many times during a breach or an attack there are people running around trying to figure out what’s going on. This is where your leadership needs to take control and direct the technicians, but there should already be predefined steps to follow.
- Get More Help: Are there teams that will need to come in to assist you after a breach? Do you have a fully trained and staffed forensics team? Many companies aren't fully staffed with all the resources that will be needed after a breach, so make sure you have a pre-selected list of vendors who are trained and ready to come in as soon as you need them.
- Get Insurance: Do you have cyber insurance? When should you involve them? Many companies today have cyber insurance which requires your company to undertake certain predefined tasks during a breach. Make sure there’s a team responsible who knows what to do and can implement these tasks, as well as follow up with the insurance company as soon as possible.
- Keep Records: Where is all the data regarding the incident being stored? Is it on shared drives, in email, etc.? There are likely going to be many logs, emails, and other artifacts that need to be analyzed (and kept as evidence). Make sure you have proper procedures in place for central and secure storage of this information; otherwise it becomes a problem when people accidentally work in silos and technicians work off different versions of the data.
- Chain of Custody: In addition to keeping data all in one place, there also needs to be a firm chain of custody in place for legal and insurance purposes.
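The two points above, central evidence storage and a firm chain of custody, come down to being able to prove later that an artifact is the same one that was collected and that every handoff was recorded. The following is an added example, not code from the original post: a small hash-chained custody ledger in Python. Each entry records the SHA-256 of the evidence and the hash of the previous entry, so a later check can show whether the evidence was altered or a ledger entry was edited. The evidence bytes and the actor names are constructed sample data.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (used for both evidence and ledger entries)."""
    return hashlib.sha256(data).hexdigest()


def record_custody_event(ledger: list, evidence_id: str, data: bytes,
                         actor: str, action: str, note: str = "") -> dict:
    """Append a custody entry that commits to the evidence hash and the previous entry."""
    prev_hash = ledger[-1]["entry_hash"] if ledger else "0" * 64
    entry = {
        "seq": len(ledger),
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "evidence_id": evidence_id,
        "evidence_sha256": sha256_hex(data),
        "actor": actor,
        "action": action,
        "note": note,
        "prev_hash": prev_hash,
    }
    # The entry hash covers every field above, in a canonical (sorted-key) JSON form.
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list, evidence_store: dict) -> list:
    """Return a list of problems found; an empty list means the ledger and evidence check out.

    evidence_store maps evidence_id -> current bytes of that artifact (hypothetical in-memory store).
    """
    problems = []
    prev_hash = "0" * 64
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev_hash:
            problems.append(f"entry {i}: chain break (prev_hash does not match previous entry)")
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            problems.append(f"entry {i}: entry contents were altered after signing")
        current = evidence_store.get(entry["evidence_id"])
        if current is not None and sha256_hex(current) != entry["evidence_sha256"]:
            problems.append(f"entry {i}: evidence {entry['evidence_id']} no longer matches recorded hash")
        prev_hash = entry["entry_hash"]
    return problems


def demo() -> dict:
    """Walk through collection, handoff, and two tampering scenarios on constructed sample evidence."""
    # Constructed sample artifact: a few web-server log lines as they might be collected.
    evidence = (b"10.0.0.5 - - [01/Oct/2023:10:01:02 +0000] \"GET /login HTTP/1.1\" 200 512\n"
                b"10.0.0.5 - - [01/Oct/2023:10:01:09 +0000] \"POST /login HTTP/1.1\" 302 0\n")
    ledger = []
    record_custody_event(ledger, "EV-001", evidence, "analyst-a", "collected", "web01 access log")
    record_custody_event(ledger, "EV-001", evidence, "analyst-b", "received", "handed to forensics")

    clean = verify_ledger(ledger, {"EV-001": evidence})

    # Scenario 1: the stored artifact was changed after collection.
    evidence_tampered = verify_ledger(ledger, {"EV-001": evidence + b"extra line\n"})

    # Scenario 2: someone edits a ledger entry (e.g. rewrites who collected it).
    import copy
    edited = copy.deepcopy(ledger)
    edited[0]["actor"] = "analyst-c"
    ledger_tampered = verify_ledger(edited, {"EV-001": evidence})

    return {"clean": clean, "evidence_tampered": evidence_tampered, "ledger_tampered": ledger_tampered}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "OK")
```

In practice the ledger would live in the central, access-controlled store the previous point calls for, and the hash of each collected artifact would be recorded at acquisition time, so that analysts working from copies can always be checked against the original.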
- Maintain Compliance: A breach is likely going to throw a wrench in your compliance, so make sure to alert your assessors of the breach as soon as possible and bring in any necessary specialized resources who are qualified to review the breach from a compliance perspective.
- Become Friends with the Feds: Do you have a contact within the FBI? Just because you have no need for law enforcement right now doesn't mean you won't need them tomorrow. Build these relationships now so that you'll be able to reach an agent quickly if/when you need one.
- Educate Non-IT Employees: Are your public relations and human resource teams ready to handle and respond to a cyber-attack? What about your customer service team? What happens when they start getting calls from customers and users? These teams will need to know how to respond and what their roles are during and after the incident.
Nothing is going to fully prepare you for a breach, but planning for the worst is the best training a company can do, and it will soften the blow if/when a real data breach occurs. Believe me, it's worth every training resource and dollar you can spend.