Why Your Business Should Conduct Regular Security Assessments Reason #5 – A Weak Contingency Plan


To be sure the cyber security measures you have in place are adequate for your business, regular security assessments must be scheduled to identify internal and external threats. Without them, security gaps can expose the company’s data to hackers and weaken system operations, resulting in financial loss and irreparable damage to your business and reputation.

You may wonder why a cyber security assessment is necessary. In short, the assessments help to identify vulnerabilities within your infrastructure, including (but not limited to): inadequate security, substandard backup plans, hidden viruses, non-compliance, a weak contingency plan, and employees who are not trained to identify cyber security risks.

In this article, we’ll talk about the risks of having a weak contingency plan and how you can develop a strong backup plan, should your business experience data loss or financial threats due to a cyber attack or natural disaster.

First, let’s talk about what a contingency plan is…

According to TechTarget, “A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.

A contingency plan is sometimes referred to as ‘Plan B,’ because it can be also used as an alternative for action if expected results fail to materialize. Contingency planning is a component of business continuity, disaster recovery and risk management.”

Why is a contingency plan important?

In the words of SmallBusiness, “The purpose of a contingency plan is to allow an organization to return to its daily operations as quickly as possible after an unforeseen event. The contingency plan protects resources, minimizes customer inconvenience, and identifies key staff, assigning specific responsibilities in the context of the recovery.

For example, information services departments typically have a disaster recovery plan to restore, protect and use company and customer data, including computer hardware and software on all company related devices.”

What can happen if you don’t have a strong contingency plan?

An article by Alliance suggests that you, “Think about your daily operations and everything that goes into defining who and what you are as a business. Now envision how you would recover from a complete loss or drastic business interruption. Where does your information go and how do you continue to operate? If you don’t know, you do not have a disaster recovery, or a business process contingency plan in place. What’s the worst that can happen, right?

  • Complete data loss

Your company’s data is its bread and butter, and if you lose it, your base can crumble. Data loss can occur in a number of different ways: Natural disaster, security breaches, and human error. Your company is not resistant to any of these. Nearly 17 percent of companies experience a complete data loss, and the outcome is devastating. Depending on the size and operations of a business, complete data loss can cost thousands or even millions of dollars. The loss of data triggers a snowball effect from which many businesses are unable to recover.

  • Business interruption

Any moment you are not working, you are losing money. Not only are you losing daily income, but your business is losing employee productivity as well. Downtime is money lost. If you suffer data loss, your business will not be equipped with the tools and information it needs to resume business as usual. Whether your business needs to start up in the same location or it has to move to a temporary space, the process needs to be a smooth transition, and the unit needs to be cohesive, so that your organization can continue with business as usual.

  • Loss of clients

Your clients and customers are fond of your business, but they are not likely going to care that you suffered a data loss. They want to know when you will be up and running again and where their information has gone. Telling your clients that you are unable to assist them or that you have to start from scratch is a conversation many are unwilling to have. The consumer has needs, and they have employed you or sought you out to fulfill those needs. If a customer believes you are not equipped or that you have not methodically devised a plan for recovery, they will begin to question your preparedness for handling his/her business. Once it gets out that all of your data has been lost or that you can no longer handle the client’s needs, the news will spread like wildfire.

  • Expensive recovery, if your business recovers at all

According to Tech Radar online, more than two out of every five businesses do not have a disaster recovery plan. What does that mean? Well, according to a survey, 1 in 20 businesses never recovered from a data loss. The costs associated with a data loss are influenced by many factors: costs to replace hardware, costs to rekey data, loss of daily profits, and loss of employee productivity.”

What steps can you take to protect your business?

According to a fantastic article by AMUEdge, titled Preparing for a Cyberattack: Creating Contingency and Backup Plans, “Organizational leaders are expected to conduct due diligence in order to protect valuable resources and assets within their information systems. While many leaders clearly understand this need and their responsibilities, very few have the expertise and technological background to make an informed decision about how to actually protect their systems from intruders.

The first thing leaders must understand is that an organization’s networked systems can never be 100 percent protected from attackers. No matter how many detection systems or proactive measures are installed to protect a network, there is no guarantee against intrusion.

The best way for an organization to protect itself is to prepare as if the network is going to be attacked. Then, the organization can take measures to mitigate the risk by developing strong contingency plans and instituting comprehensive backup and restoration measures to minimize data loss.

Creating Business Continuity Plans

Business continuity planning is the implementation of a comprehensive strategy to maintain business operations during a catastrophic event like a data breach or ransomware invasion. By creating contingency plans, an organization mitigates its risk and minimizes the loss of critical assets if an attack were to happen.

A continuity strategy should be planned and developed at the highest echelons of the organization and implemented throughout the organization. To begin, leaders must ask themselves some important questions, including:

  • What are the critical interconnection points among people, processes, technologies, suppliers, and customers? What systems are vital for the operation? This could include phone systems, VPN networks, digital radio systems, and email, all of which are critical for operation.
  • Assess all these current technologies and create a contingency plan to safeguard data within those systems, including backup, disaster recovery, vaulting, snapshots, and replication.
  • If these critical systems were to go down, how could the organization maintain operations using alternative systems? Ideally, these alternative systems should be located far enough away not to be jeopardized during an attack.
  • Who will be part of the incident response team? How will those people be notified? How will they notify others in the organization about the attack and changes to operational procedures?
  • What are the recovery objectives and what is the organization’s recovery time profile?

In addition to developing detailed contingency plans that address those questions, it is vital for an organization to regularly review and practice these plans. Organizations should:

  • Monitor the organization’s data flow processes.
  • Refine contingency plans to address changes in personnel and infrastructure and/or changes in organizational strategy.
  • Initiate a robust testing plan that documents and measures the results of all successes and failures. Execute such tests at least once per year using various scenarios.
  • Schedule regular reviews and updates to business continuity plans to accommodate the changing nature of technology and any changes in the organization’s strategy.
  • Repeat the entire process continuously.

Organizational System Backup Considerations

While a contingency plan defines how the organization will operate during an attack, the organization must also take steps to minimize potential loss of data and other information after an attack. The organization must have an effective backup plan in place to rapidly restore service following a cyberattack.

An organization’s backup strategy will depend on its operational priorities, as well as on its size and specific operational environment. For example, small organizations with limited networks can use digital devices such as thumb drives or DVDs to store important files, while larger organizations should consider online resources such as [cloud storage], redundant arrays of independent disks (RAID), automatic failover, server clustering, or mirrored systems.

Organizational leaders should talk to their IT department about its backup strategy and ask questions such as:

  • Are systems fully redundant and load-balanced?
  • Is data mirrored so that if something happens, the system can be restored? One technique to consider that protects against data loss is the concept of Stripe and Mirror Everything (SAME). This assures robust flexibility through mirroring technologies at the database file level rather than the entire disk level. Mirroring at the file level is duplicating data in individual files instead of the entire hard drive; this saves space on the hard drive and increases speed.
  • Are files spread across all available storage and not located in a single storage location?
  • Does the organization have Service Level Agreements (SLAs) with commercial entities? SLAs are similar to a service contract with a telephone company or car dealer. They provide technical expertise to repair IT equipment, similar to a mechanic for a car.
  • Is data backed up on different devices? This could include anything from [cloud storage], magnetic disks, tape or optical disks, and thumb drives. It depends on the organization’s choice for backup, which could include electronic vaulting, network storage, or tape libraries.
  • Does the department use automatic failover and server clustering? Automatic failover is when a hard drive fails and a backup hard drive automatically takes over the function without delay or interruption in service. Server clustering is when more than one server is used to increase the service to the user. This is similar to having a main server with multiple backup servers that will take over if the main server fails.
  • Is the organization prepared for a loss of power during an attack? Organizations should consider implementing Uninterruptible Power Supply (UPS) to prevent data loss due to an unexpected power outage. UPS is designed to store enough energy in its internal battery to allow for active response time by users and for the safe shutdown of all systems.

When Are Backups Conducted?

It’s also important to clarify how and when backups of the network will take place. Regular backups of company data should be conducted either once a day or once a week, and usually during hours when the data and network are not in use, such as around 1:00 a.m. on Sunday morning.

Selecting a time when the system is not in use will lessen the chance that it will cause interruptions to regular business processes. There are three common methods for conducting backups:

  1. Full backup: This captures all files on the disks and occurs on a single medium. The time required for a full backup is greater than that of incremental or differential backup, but ensures a greater level of accuracy. Due to the associated time and cost, a full backup is usually performed during the initial phases or following a data restoration.
  2. Incremental backup: This captures files created or changed since the last backup and requires less time and cost to run than a full backup. One issue with this technique is the need to use different devices during recovery. For example, if differential backups are captured on different devices such as a tape and a USB drive, recovering the data will require access to each media separately.
  3. Differential backup: This type of backup is the storage of data since the last full backup, which occurs following a full backup, and is faster and less costly than a full backup. This type is considered slower than an incremental backup, but offers a faster recovery time. During recovery, a differential backup only requires the use of the full backup device and the differential backup.

Best Practices for Hardening a Network against a Cyberattack

Organizational leaders should also verify that their IT department is following best practices when it comes to hardening a network. Leaders should confirm the following recommendations are being followed:

  1. Select, purchase, and install all hardware, software, and licenses for the system.
  2. Verify the installation of antivirus software on all computers [and other hand-held devices] and turn on automatic updates.
  3. Configure all computers to use junk e-mail filtering and install spam filtering on the mail server.
  4. Turn on automatic software updates for all computers.
  5. Locate the server in a locked room with controlled access.
  6. Institute backup and restoration procedures across the entire organization. Implement daily backups with a full backup conducted weekly. Store the backed-up data in a location outside of the organization’s geographical area.
  7. Configure services on the server to enforce strong passwords of at least 10 characters with at least two uppercase characters, two lowercase characters, two numerals, and two special characters.
  8. Configure individual computers to log users out after a five-minute period of idleness, so that those users are required to log back on.

Data Breach Considerations

All organizations should operate under the assumption that a data breach will happen and create a plan to respond to an intrusion. Here are questions to ask your IT department about its breach response policies:

  1. What’s our breach containment procedure? Upon detection of a breach, the organization should immediately…
  2. How will you notify affected individuals? The incident response team should be notified first, followed by affected managers and personnel. Activate its designated incident response team. These initial steps will help the organization contain the spread of the virus to other networked systems and limit additional loss of data.
  3. How will you evaluate the risk of the breach? Upon detecting a breach, an organization needs to immediately and thoroughly evaluate the risks associated with the breach, including who was affected and what harm was done.
  4. How will you conduct a review of the incident to help you prepare for future breaches? After the incident has been addressed and remedied, it is important for IT staff to have policies in place to learn from the situation. They need to evaluate how the organization responded to the incident and work to refine and further prepare for future breaches.

User Education Considerations

Organizations should also plan for robust user awareness training. The importance of training should not be ignored as it is common knowledge that human error is considered the greatest threat to organizations’ information systems.

All users should receive training in critical areas, including incident handling, disaster recovery, securing data at rest, phishing, and safe home computing. This training will educate users on the importance of security, the proper handling of passwords, laptop security, virus prevention, safe internet browsing, and consequences for unsafe and illegal actions.” 
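The three backup methods from the quoted AMUEdge section above (full, incremental, differential), worked through as an added Python example that is not code from that article or from Adaptive Office Solutions. It uses a constructed four-day history of file changes, builds each backup chain, counts what each chain stores, and reports which media a restore needs, including the case the article warns about: an incremental restore fails when one set in the chain is unavailable, while a differential restore needs only the last full set and the latest differential.

```python
"""Model full, incremental and differential backup chains and their restores.

Constructed example: each day's "filesystem" is a dict of file name -> content
version. Deletions are not modelled; only creates and modifications are.
"""
from typing import Dict, List, Tuple

# Constructed daily snapshots of the system being backed up (day 0 = first full backup).
SNAPSHOTS: List[Dict[str, str]] = [
    {"ledger.db": "v1", "notes.txt": "v1"},                   # day 0
    {"ledger.db": "v2", "notes.txt": "v1"},                   # day 1: ledger edited
    {"ledger.db": "v2", "notes.txt": "v2", "q.pdf": "v1"},    # day 2: notes edited, q.pdf added
    {"ledger.db": "v3", "notes.txt": "v2", "q.pdf": "v1"},    # day 3: ledger edited again
]

BackupSet = Tuple[str, Dict[str, str]]  # (method label, files captured on that medium)


def changed_since(current: Dict[str, str], baseline: Dict[str, str]) -> Dict[str, str]:
    """Files created or modified relative to a baseline snapshot."""
    return {f: v for f, v in current.items() if baseline.get(f) != v}


def build_chain(snapshots: List[Dict[str, str]], method: str) -> List[BackupSet]:
    """Day 0 is always a full backup; later days follow the chosen method."""
    sets: List[BackupSet] = [("full", dict(snapshots[0]))]
    for day in range(1, len(snapshots)):
        if method == "full":            # everything, every time
            sets.append(("full", dict(snapshots[day])))
        elif method == "incremental":   # changes since the previous backup of any kind
            sets.append(("incremental", changed_since(snapshots[day], snapshots[day - 1])))
        elif method == "differential":  # changes since the last full backup
            sets.append(("differential", changed_since(snapshots[day], snapshots[0])))
        else:
            raise ValueError(f"unknown method {method!r}")
    return sets


def stored_files(sets: List[BackupSet]) -> int:
    """Total file copies written across all media (a proxy for time and cost)."""
    return sum(len(files) for _, files in sets)


def restore(sets: List[BackupSet], day: int, missing=frozenset()) -> Tuple[Dict[str, str], List[int]]:
    """Rebuild the state of `day`; returns (files, media indices used).

    `missing` lists media that are unavailable (lost tape, unreadable drive).
    """
    kind = sets[day][0]
    if kind == "full":
        media = [day]                      # one medium holds everything
    elif kind == "differential":
        media = [0, day]                   # last full plus this differential
    else:
        media = list(range(day + 1))       # last full plus every incremental after it
    lost = sorted(set(media) & set(missing))
    if lost:
        raise LookupError(f"cannot restore day {day}: media {lost} unavailable")
    state: Dict[str, str] = {}
    for i in media:                        # apply sets oldest to newest
        state.update(sets[i][1])
    return state, media
```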

Steps to Take if Your System Has Been Compromised

According to excerpts from an article by CiscoMag, “Whether it is a global pandemic or the new normal, cybercriminals always find ways to target organizations and individuals for valuable digital assets. Most organizations fall victim to cyberattacks despite having robust security defenses in place.

From leaking sensitive data, phishing attacks, selling user data on the dark web to threatening victims for ransom, threat actors leverage various attack vectors to pilfer sensitive data or obtain access to business-critical infrastructure.

Most companies avoid disclosing a data breach or cyberattack incidents citing penalties from law enforcement bodies, loss of customer trust, reputational damage, and financial impact. Organizations should always have an incident response plan in place to get the compromised networks back and recover from the damage as early as possible.

Here are the four immediate steps to follow when dealing with a cyberattack:

1. Contain

The primary step is to immediately contain and isolate the critical systems. Temporarily suspend all the systems after discovering the attack. This will help stop the spread of the attack to all business-critical networks. Look for any strains of ransomware or malware on the affected systems and isolate them from the main network immediately. Also, changing the passwords of all critical accounts will help mitigate the risks. A well-organized approach of isolation and containment will certainly help regain control of the affected systems and eliminate the risks.

2. Report

Reporting the cyberattack to the customers, clients, and especially to the law enforcement authorities immediately after it happens will create a sense of trust and transparency in the organization.

Most enterprises are often judged based on their incident handling capabilities during a ransomware or data breach attack. Organizations could encounter severe negative consequences for any delays or coverups in disclosing the incident. Besides, companies are liable under various data privacy regulations to report any security data breach incident and can attract a huge penalty from regulatory agencies if they fail to report.

3. Investigate and Recover

It is necessary to have an effective disaster recovery plan for organizations to restart the affected business operations smoothly. Report and engage with law enforcement authorities to investigate the incident to find out the cybercriminals responsible for the attack. Organizations can even hire a digital forensic team to inspect the security incident to understand the actual cause of the attack, what data, and how many have been affected.

4. Remediate

Organizations must learn from their mistakes after sustaining a cyberattack. Analyze the attack to know if there are any unpatched vulnerabilities or security loopholes in the organization’s cybersecurity posture. Come up with a set of efficient remedial measures to boost security and deal with the potential cyberattacks in the future.

Wrap Up

No individual or company is 100% immune to cyberattacks. Organizations must bolster their security standards to defend against evolving cyberthreats. Cybersecurity precautions like encouraging employees to use strong passwords, training them to identify phishing, and other attacks, ultimately improve organizational security.”

At Adaptive Office Solutions, cyber security is our specialty. When you know your technology is being looked after, you can stop struggling with IT issues and concentrate on running your business, while lowering your costs through systems that run at their prime and create greater efficiency.

To schedule your Cyber Security Risk Review, call the Adaptive Office Solutions service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca.