Okay, you believe you won’t get cyber-attacked.
However, that’s what the 3,800 companies who suffered a breach in the first semester of 2019 thought too.
To protect your company and ensure business continuity, you need to make sure you have the following 3 things in place.
1 – Have a Cyber-Breach insurance in place.
Any company that handles, maintains or processes personally identifiable (driver’s license numbers, social security numbers, etc) or protected health information (account numbers, medical record numbers, etc.) needs their own CyberBreach Insurance. This will protect the organization against claims arising out of ransomware, a rogue employee, phishing attack or theft of hardware. The insurance should cover the following:
- Security Liability
- Privacy Liability
- Breach Response Costs
- Crisis Management Expense
- Forensic Expense
- Regulatory Coverage
- Digital Asset Restoration Costs
- Business Income Coverage
- Cyber Extortion Threat
- Cyber-Theft Loss
- Cyber-Fraud Event
- PCI DSS Assessment Coverage
2 – Define and implement an Incident Response Plan.
How are you moving forward in the case that all your information in lost or unusable because of a cyberattack, theft, fire, flood or natural disaster?
An Incident Response Plan is an organized method to address and manage the aftershock of a cyber attack or security breach. It should define the internal and external steps to take.
- activate the cyber incident response team, (who must be involved in the response plan, internally and probably third parties providers)
- start the containment procedures the attack (damage control, identify the source or vector, close the network access to stop any further damage, change passwords, event logs analysis, etc.)
- Start the recovery phase
- Reporting to authorities
- PR and control of any damage to the organization’s image damage
- Lessons learned that must be implemented to prevent another attack
3 – Have a solid Disaster Recovery solution in place.
For small to large corporations, the critical task of data backup can be an expensive and challenging endeavor. Fortunately, we have made enterprise backup possible for everyone with our Empowered Sentry Solution.
Whether you are the office manager of a small firm, up to a CEO of a Fortune 100 Corporation, Empowered Sentry Platinum is your enterprise solution for remote data backup.
The Disaster Recovery solution has the following features:
- Run backups automatically every hour during your operation hours – you don’t want to have the human factor in this important process and get the “I forgot” answer when you need it
- The hourly backups should be differential so you don’t have to backup the whole system repeatedly and to save storage space – full backups take long time and they would create a large backup file.
- The solution should be immune to ransomware or malware attacks – this is an important specification that must be guaranteed by your provider
- Preferably, it includes a local device for a local backups, thus allowing for quick recovery and local server/desktop virtualization – just imagine downloading a 3TB file from the cloud. At a stable download speed, that will take 5 days and 20 hours to complete!
- The solution must perform daily verification of the last local backup of the day – mount the server image and start it as a virtual machine on a sandbox for example
- Automated transfer of encrypted backups/differentials to the cloud
- The cloud backups should be redundant
- The images of the machines backed up in the cloud should also be bootable as a virtual machine in the cloud so it could be accessed in case of a disaster
- Have a good Master Service Agreement with your provider defining the scope of the work and its responsibilities. It must also state that your provider has a cyber security insurance coverage.