Let’s harden our perimeters and our systems, put in great password controls, and deploy lots of technology to help with logging and monitoring. Cyber, cyber, cyber…
“#Cyber” is all the rage right now. When it comes to security, many businesses focus on the IT side. You have heard me say it before in my other articles and I will say it again: it’s not an IT problem, it’s a business problem. Attackers can wreak havoc, especially when people are vulnerable and distracted. Your business probably has incident response plans to cover attacks… you do, don’t you?
However, I find time and time again that many businesses do not cover certain topics. One topic is particularly important because it could wipe out your business… literally.
What am I talking about? Natural disasters.
I remember taking some familiar information security courses, and I was presented with some interesting possible answers. In a disaster scenario, out of the options presented, the wrong answers were the ones related to protecting your systems. So, what is the right answer? The best answer presented was related to getting people out safely. The first thing is saving lives. Let’s be honest, when it comes to information security and disasters, did you think about that first?
You see, cyber security is just one part. Overall, it is about protecting your information assets. People are information assets. Without your people, see how quickly your business handles information.
We could spend quite a length of time here, but first take a look at the risks to your business. What are the natural disasters? Just look in the news, and you will find natural disasters that severely impact businesses. From what I have read to date, Hurricane Katrina was apparently the costliest natural disaster in the United States. Hurricanes, flooding, earthquakes and the rest first and foremost impact people’s lives, but they also impact business continuity. They can severely damage a business, if they have not literally wiped it out.
Unfortunately, malicious attackers ride the storm too: fake charity sites that steal payment card data, phishing emails, and links to malware.
“It’s not going to happen (to us)” …
What can you do about it?
As it’s a business problem and not an IT problem, your security experts and risk experts should review the types of assets you want to protect. Occasionally, I hear “It’s not going to happen (to us)” and I just have to keep my emotions in check, then try to change their way of thinking. Here are some things you may want to consider:
✅ In your risk registers, consider natural disasters that may impact you. Are you in a flood, earthquake or hurricane zone, etc.?
✅ Consider non-natural disasters, including those caused by human error. For example, is your business under a flight path? Are you near a chemical or nuclear site? Is there a risk?
✅ Identify your recovery time objectives (RTO, how long you can afford to be down) and recovery point objectives (RPO, how much data you can afford to lose). Review your controls to see if they are sufficient for your RTO/RPO: a backup schedule that only runs nightly cannot support a one-hour RPO, and a restore that has never been timed cannot be shown to meet any RTO. Do you need a cold site, warm site or hot site for your staff?
✅ Test your business recovery and incident response plans. For example, will your electronically controlled office doors open to let staff out if there is a flood, or will your staff be trapped inside (this has happened to one of my previous clients)?
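As an added example (not from the original post), here is one way to turn the RTO/RPO review in the checklist above into a repeatable check rather than a one-off conversation. It compares each asset’s stated objectives against evidence of what the controls actually achieve: the age of the last successful backup (what you would lose if the disaster struck now) and the duration of the last timed restore test. The asset names, field names and sample data are all constructed for the illustration and are not from any real risk register.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class RecoveryObjective:
    """One entry from a (hypothetical) risk register: how long the business can
    tolerate the asset being unavailable (RTO) and how much data it can afford
    to lose (RPO)."""
    asset: str
    rto: timedelta
    rpo: timedelta


@dataclass(frozen=True)
class RecoveryEvidence:
    """What the controls demonstrably achieve, taken from backup logs and the
    last restore exercise (hypothetical field names)."""
    asset: str
    last_backup: datetime                     # most recent successful backup
    restore_test_duration: Optional[timedelta]  # None = restore never tested


def find_gaps(objectives: List[RecoveryObjective],
              evidence: List[RecoveryEvidence],
              now: datetime) -> List[Tuple[str, str]]:
    """Return (asset, problem) pairs where the evidence does not support the
    stated RTO/RPO. An asset with no evidence at all is itself a gap."""
    by_asset = {e.asset: e for e in evidence}
    gaps: List[Tuple[str, str]] = []
    for obj in objectives:
        ev = by_asset.get(obj.asset)
        if ev is None:
            gaps.append((obj.asset, "no backup or restore evidence at all"))
            continue
        # RPO check: if a disaster struck right now, everything since the last
        # successful backup is lost. That window must not exceed the RPO.
        data_at_risk = now - ev.last_backup
        if data_at_risk > obj.rpo:
            gaps.append((obj.asset,
                         f"RPO {obj.rpo} exceeded: last backup was {data_at_risk} ago"))
        # RTO check: an untested restore has no measured duration, so it cannot
        # be shown to meet the RTO; a measured one must fit inside it.
        if ev.restore_test_duration is None:
            gaps.append((obj.asset, f"RTO {obj.rto} unverified: restore never tested"))
        elif ev.restore_test_duration > obj.rto:
            gaps.append((obj.asset,
                         f"RTO {obj.rto} exceeded: last restore took {ev.restore_test_duration}"))
    return gaps


def demo() -> List[Tuple[str, str]]:
    """Run the check over constructed sample data (not real systems)."""
    now = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    objectives = [
        RecoveryObjective("payroll-db", rto=timedelta(hours=4), rpo=timedelta(hours=1)),
        RecoveryObjective("file-share", rto=timedelta(hours=24), rpo=timedelta(hours=24)),
        RecoveryObjective("badge-system", rto=timedelta(hours=1), rpo=timedelta(hours=24)),
        RecoveryObjective("hr-portal", rto=timedelta(hours=8), rpo=timedelta(hours=4)),
    ]
    evidence = [
        # Backed up 30 minutes ago, restore rehearsed in 2 hours: meets both.
        RecoveryEvidence("payroll-db", now - timedelta(minutes=30), timedelta(hours=2)),
        # Last successful backup three days ago: RPO of 24 hours is blown.
        RecoveryEvidence("file-share", now - timedelta(days=3), timedelta(hours=6)),
        # Backups are fresh, but nobody has ever timed a restore.
        RecoveryEvidence("badge-system", now - timedelta(hours=1), None),
        # hr-portal: no evidence recorded at all.
    ]
    return find_gaps(objectives, evidence, now)


if __name__ == "__main__":
    for asset, problem in demo():
        print(f"{asset}: {problem}")
```

The point of feeding it real timestamps from backup logs, rather than the schedule you think you have, is that a job that silently stopped succeeding three days ago shows up as an RPO gap immediately. Run it from the same tooling that reviews your risk register so the objectives and the evidence are checked together.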
Hope that helps. Feel free to share if it will help someone. Until the next post…
👉 Like What You Read? Be a rockstar and just give me 5 more seconds by sharing this to LinkedIn.
👉 Want More Tips/Hacks To Improve Security and Compliance Faster? Then take 10 more seconds to click on my profile, connect and follow me: https://www.linkedin.com/in/mqhopewell/
#computersecurity #cybersecurity #informationsecurity #infosec #cybersec #privacy #itleaders #itleadership