Cyber attacks and your business continuity plans
Business continuity planning is not just about recovering from events like earthquakes; it is about planning for, and being able to withstand, any event or trigger that can cause disruption. With recent rumblings in the media industry regarding online security, and the ever-increasing number of new attack methods devised every day, cyber security has come to the fore as the top threat facing companies today. Cyber criminals do exist and can have the ability to cripple entire networks and hold companies to ransom. Proper, current online security is no longer optional.
Since the attacks on Sony Pictures last year, business continuity experts have been calling on companies to learn from other companies' mistakes: run exercises, scenarios and simulations to identify gaps in their online security, and consider policies that will make them more resilient against cyber attacks, if not prevent them totally. During the Sony debacle, technologies such as BlackBerry phones and Gmail accounts, and even putting an old payroll machine back into service, were some of the ways that Sony used to keep going. A lesson hard learned? Perhaps, but at the end of the day Sony Pictures was able to move forward.
The inextricable link between computers and the internet and business operations today means that cyber security needs to be well integrated into one’s business continuity plan.
It is essential to understand your IT security and manage it thoroughly by cleaning and disinfecting your workstations and the devices attached to your network, and by using preventative measures such as these:
- Install a well-supported and robust antivirus. Free often means exactly that: free, unwanted access to your system.
- Change passwords regularly and don't use predictable passwords based on things like your birthday or your favourite car.
- Maintain a strict firewall policy.
- Block harmful websites. Where needed, block social messaging sites from the workplace.
- Never leave devices unattended. If possible, lock the screen.
- Be on the lookout for phishing websites. If it looks phony then it probably is phony.
- Control access to USB devices. Malware like the Brontok virus is powerful.
- Enforce policies to protect your organisation. Don’t just say it, enforce it.
- Control and block installation of programs like torrent downloaders.
- Get professionals to do vulnerability audits.
- Develop, implement and maintain solid and regularly simulated business continuity plans.
With the prevalence of "nasty-ware" like the CryptoLocker trojan and its derivatives, and their insidious nature, not only information officers but staff in general need to be vigilant in their outlook and approach. The next "cute kitty conducts Verdi" zip file may contain a powerful payload that can not only slow down systems and crash your computer, but also steal company data, infiltrate your company and personnel accounts and wreak havoc on employees' personal lives.
Cyber criminals use the most insidious of techniques to infiltrate systems. It's possible to breach the most impenetrable of systems, but that does not mean that one must just roll over and accept defeat. With technology moving towards being online, proper online security is a must.
In addition to this, a business continuity plan that can be activated when systems are infected is crucial. Elements of this plan should include putting required devices under quarantine, blocking Internet traffic to prevent further infections, ensuring data is recoverable and planning for alternative IT infrastructure. The cooperation of all members of staff and an integrated business continuity plan are essential to counter this threat.