CISA Cyber Essentials Toolkits: Your Crisis Response
The sixth and final entry in CISA’s series of Cyber Essentials Toolkits covers the necessities of an effective crisis response plan. Are you prepared to respond to a cybersecurity crisis right now?
As a part of their Cyber Essentials resource, CISA has rolled out an additional six Cyber Essentials Toolkits. The sixth covers best practices for developing, testing, and following an effective crisis response plan.
Why Is Crisis Response Important?
You can’t afford to assume your business is secure. While you should be confident in your efforts to secure your data and prevent breaches, that doesn’t mean you can act like nothing will ever go wrong.
It’s all about hoping for the best and being prepared for the worst.
If you’re going to respond effectively and quickly to a data breach, you need to have a plan for doing so. By developing a robust strategy for crisis response, you’ll be more prepared to limit damage and maintain continuity.
With a crisis response plan, you’ll be prepared to deal with:
- Data Retention Contingencies: At the rate that technology evolves, it’s no surprise that some businesses find it difficult to keep up with. When policy development falls behind the pace of adopted technologies, it can often lead to gaps, which can affect data retention.
- Cybercrime: Data loss is often the result of poor digital security; without the right defenses, cybercriminals can easily infect an IT system with ransomware or other types of malware to compromise company data. If you have a data backup solution, then it doesn’t matter if your data has been encrypted in a ransomware attack. You can just replace it with your backup, simple as that. That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
- Human Error: Much of data protection is dependent on the user, and as such it’s vital that you properly educate your employees in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology in a secure manner. Human error can be detrimental to data integrity. Without a viable backup, all it takes is one accidental click to delete a file, or one spilled coffee to fry a local hard drive.
CISA’s Essential Actions For Crisis Response
- Develop A Disaster Recovery Plan: Your ability to respond to a crisis effectively will come down to how well you plan for it. See below for more info on what your plan should include.
- Determine Systemic Priorities: Well before any events occur, you should have an informed understanding of which systems are most critical to your operations. Those systems should be prioritized for protection and recovery in the aftermath of an event.
- Know Who To Call: Make sure you have a plan for enlisting expert and official support in the event of a crisis. Whether it’s a third-party IT support provider, a cybersecurity forensics team, or CISA and the FBI (in the event that you need to report a cybercrime), make sure you make contact and build these relationships ahead of time.
- Test Your Processes For Response: You can’t assume your plan is effective — find out for sure by testing it. Ensure you can isolate components of your network as need be, allowing you to protect certain assets after others have been compromised. Tweak and improve your planning as needed based on how effective the testing process is.
What Should Your Crisis Response Plan Include?
- Understand Your Priorities And Processes: How can you protect your processes against disruption if you don’t have a high-level view of how you operate? Disaster recovery planning starts by gathering information — make sure to answer the following questions:
- What applications and data does your operation use?
- What is your tolerance for downtime for each application?
- What is your tolerance for data loss for each application?
- What dependencies (databases, DNS, Active Directory, Web Services, etc.) are needed for each application?
- What are the regulatory and compliance requirements (internal and external) for data retention, and for how long?
- Which applications are essential to keeping business operations running?
- How do the applications differentiate the business from others in the segment?
- Comprehensive Backup Capability: Make sure that all backups are automated and completed within allotted time frames required to meet business recovery and operational requirements.
- Consolidate Protection: You can reduce complexity and cost by using a single application and with a single management console to protect all physical and virtual assets.
- Understand Data Volatility: Applications with the greatest churn or change (such as inventory or financial data apps) should be prioritized over those whose change is more gradual (e.g., file data).
- Map App Interdependency: If you have apps that work in tandem with one another, make sure they are grouped and prioritized effectively for data backup purposes.
- Don’t Forget About Bandwidth: As data requirements continue to grow year by year, your demands on your network, storage, and management resources will grow as well. It is recommended that you incorporate global deduplication, which compares and eliminates data copies across all sources.
- Acceptable RTO & RPO: Not all backups services are the same, which is why you need to understand the following two metrics:
- (RTO) Recovery Time Objective: How long will it take to recover files, applications, servers, or full infrastructure?
- (RPO) Recovery Point Objective: RPO is governed by the frequency of backups. In the old days, backups were performed at the end of the week or the end of the day. Today can backups be managed continuously. This means very little to no data loss in the event of a recovery, so there’s less lost work to re-do after recovery.
- Regular Testing: You can’t assume that your backups will just work when needed. They should regularly test your backups to verify their effectiveness in the event that something goes wrong with your onsite data.
Kraft Technology Group Will Help You Stop Worrying
Aside from all the technical and business benefits offered by our disaster recovery services, the bottom line is that we will help you stop worrying. The Kraft team will help you avoid and minimize the effects of any disaster — get in touch with our team to start developing your disaster recovery plan.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.