IT Disaster: who does what and when?


There is an old adage that states ‘if you fail to plan, you plan to fail’. Many attribute the quote to Benjamin Franklin, from 1790, so to say we haven’t been warned would be a serious error of judgement.

Integer IT have mentioned disaster recovery in previous news updates, where we highlighted the time it takes to recover from a critical IT incident (real time recovery), how long a business can afford to be without critical applications, and what systems it can put in place to close the time gap (real time objective). There is also the reputational impact of a cyber-attack, but we won’t go down these rabbit holes again. This time we shall concentrate on the plan that should exist in every company for responding to a critical IT outage or cyber incident.

If you do not have a plan, start one now. During an IT cyber event, emotional responses often kick in and everyone wants to know everything all at once. A clear head is required to follow the critical response plan: there may be ransom demands and reporting obligations, clients can’t get hold of you, and if they can, you have no systems to work on to assist them. It’s also not a static plan. It will evolve, and because attack vectors and methods also adapt, it should be reviewed every 12 months rather than left to gather dust on a shelf.

To be clear, do print it out and keep it on a shelf where it is easily accessible, as your IT systems may well be compromised and unavailable.

Here are some ideas for what it should cover, as the last thing you want to do is make it up during an IT crisis.

Readiness

  • Document core elements of a response plan, including:
      • Who will be responsible for leading the response to an IT or cyber crisis?
      • What are the key systems essential to the operations of the business?
      • Do you hold highly sensitive or critical data, for example personal information of clients?
      • Where are your backups located, are they secure and when was the last time they were tested?
      • What will be your approach to communications, including responsibilities for communications and regulatory reporting?
      • What external sources of assistance and expertise can you call on?

Response

  • Seek assistance from trusted sources.
  • Report the incident to the ACSC.
  • Inform key stakeholders including employees, customers, and partners in a transparent, accurate and timely manner.
  • Restore systems, critical operations, and data from backups where possible.
  • Prioritise recovering essential functions.
  • Reset all passwords for affected accounts, including employee, customer, service and administrator accounts.
  • Implement strong password policies with multi-factor authentication.

Recovery

  • Where possible, invest in cyber security enhancements, such as storing key data and systems with reputable cloud providers or migrating key functions to SaaS providers.
  • Support impacted employees and volunteers.
  • Train employees and volunteers on cyber security awareness and practical controls, including cyber hygiene and awareness of scams.

Remediation

  • Where possible, provide help for impacted individuals, including financial support to replace documents.
  • Utilise templates, social media, FAQs on a website, or a dedicated customer telephone line to assist in triaging and responding to customer issues and complaints.
  • Continue to communicate honestly, clearly and empathetically with impacted stakeholders.
  • Demonstrate cyber enhancements to key stakeholders.
  • Consider the range of appropriate remediation options that might be available to those impacted.

If you would like any assistance in creating a plan or auditing what you have in place, please do not hesitate to contact us. It’s better to take advice and plan now rather than when the crisis has occurred.
