5 Best Cybersecurity Management Practices During a Crisis



No company wants to think about what it'll do in a crisis, but crises are sometimes unavoidable. Whether it's an advanced cyberattack or a situation like COVID-19 that led to an unexpected rise in cybercrime, cybersecurity emergencies happen. If you do find yourself in such a crisis, how do you respond?


Regardless of how secure your business is, you need to be ready to handle a cybersecurity crisis. There were more than 1,000 data breaches in 2019 alone, exposing more than 160 million records. Whether the danger is global or only affecting you, you need to have a response plan.


To help you start, here are the five best cybersecurity management practices for a crisis of any kind.


1. Be Transparent


The best thing you can do to mitigate a crisis is to remain transparent throughout it. Accidentally exposing customer or employee records is a problem, but hiding it makes it a scandal. As soon as you hear about the situation, inform those affected.

In the infamous Equifax breach, it took six weeks for the company to inform the public. This sluggish response time is part of the reason why the event became so notorious. On the other hand, though, if you communicate quickly and honestly, it can help save your reputation.


2. Emphasize Communication


Informing affected parties of the event shouldn't be the end of your communication, either. As you continue to work through the crisis, let customers and employees know what you're doing. Ongoing discussion can offer some peace of mind for both your customers and workers.


Take the COVID-19 pandemic, for example. Many companies list their updated procedures to let customers know that they're taking action to protect them. So after you inform people about the event, keep talking to them about your solution.


3. Focus on Victims, Not the Company


Throughout the crisis, your leading concern should be those directly affected by the situation. In a business, it's tempting to focus your response on recovering lost capital, but that's not the most critical issue. Work to make things safe for your affected customers or employees, then worry about the money.


If you suffer a data breach that exposes client records, address securing those records first. Even if it means a temporary period of loss, you should make things right for affected parties before anything else. If you focus on recovering costs first, it could mean further security breaches and a poor public image.


4. Learn From the Crisis


Every crisis is a time to learn, even if you haven't experienced any loss because of one. Consider each cybersecurity breach, whether it affects you or another company, a chance to improve your security. Look at what worked and what didn't and rebuild your protocols around that.


Consider the UN's 2019 data breach that came as a result of not updating their software. Even if that didn't affect you, it could serve as a lesson to always keep your programs up to date. Learn from your mistakes, but also learn from the mistakes of others.


5. Plan for the Worst


Hopefully, you'll never experience any cybersecurity crisis, much less a severe one. Even if an event is unlikely, though, it's unsafe not to prepare for it. You should have a response plan in place in case something happens.


You can't know what a severe event will look like, but you can establish guidelines for a worst-case scenario. Define what data to back up, who to contact, and how to tell affected parties before something happens. This preparedness will help you respond as quickly and as effectively as possible.


Prevention Is Better Than Cure


All of these are things you should consider in a disaster preparedness plan before a crisis occurs. If you wait until the day a crisis hits to enact policies like these, you may not have the time or resources to do so effectively. Establish a plan today for how you can incorporate these strategies.


Talking about a crisis can be tough, but it's better to do it than to wait. If you take a proactive approach to defend against cybersecurity emergencies, you'll be far safer in the end.


© 2018 Dr. Chaos 
