The Plan4Continuity plan template featured this week highlights the need to conduct IT quarterly checks. Creating an effective business continuity plan can be challenging, especially at a large or rapidly growing organization. However, performing a quarterly review of critical IT security aspects will decrease the chances of a cyber attack occurring. This goes further than telling you what to do when an attack happens; it guides you on what to do before a cyber attack to avoid the attack completely. We consider four such instances below.
Your IT quarterly check should include identifying and reviewing critical systems, access rights and passwords; revising backups, operating system updates, anti-virus, firewalls and connectivity security; reviewing email services and security, and employee devices; ensuring all staff are aware of potential attacks and how they are launched; and reviewing acceptable use policies and premises access control.
1. What can go wrong?
It is necessary to identify what can fail (or go wrong) during your operation to decide what to include in your IT quarterly check plan. This includes hardware failures, employee errors, malware and hacking as well as natural disasters. Approach this with the mindset of “if anything can go wrong, it will”.
2. Hardware failure
Regular checkups and updates will assist in preventing equipment failure. When planning for this checkup it is important to account for the inevitable depreciation of hardware and endpoints. Your check can, for example, be set up to remind the appointed person(s) of when checkups and updates are due and even when new hardware purchases are due.
3. Malware and hacking
A disaster management strategy should ideally protect you from having to deal with malicious programs and third-party attacks. Yet as malware risks evolve it is necessary to rethink this part of your strategy and ensure provision is made for security updates and patches and the appropriate response in the event of an attack.
4. Regular testing
As with any business continuity strategy, all plans should be tested, and events simulated where possible, to ensure there have been no changes that could render the plan useless. Involving the Chief Information Security Officer and their team is a huge benefit when drafting and testing these plans, as it ensures the right concerns are taken into account and sufficient consideration is given to security from day one, instead of only after an attack has occurred.
Each of our plans must be reviewed, can be adjusted to your specific organization and needs, and can be edited as needed before being finalized. Our automated plans further activate the necessary steps and inform the necessary stakeholders with the push of a button.