Cyber attacks. They’ve been on my mind lately, ever since I learned a few incredibly disturbing statistics about the cybersecurity industry. For the sake of disaster preparedness, I want to share them with you today — I think these are particularly relevant to business owners and IT department heads:
- Cybercrime damage costs are expected to hit $6 trillion annually by 2021
- At least 6 billion humans will face a cybersecurity attack by 2021
- Cybersecurity spending will exceed $1 trillion from 2018 to 2021
That last statistic is one I want to focus on here, as it shows just how important people and businesses think preparing for a cyber attack is. Cyber attacks can be costly, but by investing in your business’s security now, you might save yourself a lot of money in the long run that you’d have to shell out in the event of a breach. And aside from the costliness of the whole ordeal, experiencing a compromise of your business’s security is emotionally draining and stressful. Better to prepare now, as we like to say at LifeSecure.
For those who are unfamiliar with how cyber attacks work in a business setting, they often target a business’s IT systems, going after sensitive business information, financial information, and personal employee information (like social security numbers). There are many types of cyber attacks. One of the most common comes through the use of malware. In this kind of attack, malware compromises a business’s servers, giving hackers access to important documents and system information. The perpetrators then encrypt the business’s files, so that the business must pay a ransom to the hackers in order to regain its information. Another alarming cybersecurity threat is a hacker’s ability to access the nation’s power grid. One area of concern is power outages that may be caused by a cyber attack. Though the government closely regulates the nation’s energy grids to protect them, it is always best to be prepared.
A lot of hazards can come along with a power outage. The ones you must take the time to prepare for are:
- Be aware of any health conditions your employees may have. Know if they fall into a group that needs power to help manage that condition. For example, an employee with diabetes will need access to a source that will refrigerate their insulin. It is important to have the resources to manage their condition.
- Make sure you are prepared to control exposure to extreme temperatures. For example, in the winter the heat will turn off with the power outage. If employees are exposed to extreme temperatures, it could lead to serious health problems, especially if anyone is in any type of weakened state. We suggest having a stock of cold weather preparedness kits and emergency thermal blankets.
- Without refrigeration, food can spoil rather quickly. Be cautious of the risks of food poisoning. Depending on the extremity of the power outage, the street lights could be out and your workers may need to stay put before they can travel home safely. This is where you must be able to care for your employees and have enough dried food to accommodate them.
- Without power, water plants cannot operate. The majority of them do have backup generators, but it is better to be safe than sorry. Have a supply of filtered water to avoid exposure to contaminated water.
- Be prepared to take care of any injuries. During a power outage, medical systems could be strained, phone lines could be down, cell phones could be low on battery, etc. Waiting on medical systems could delay treatment during this time. We recommend having an emergency kit handy and ready to go during an emergency.
When you begin thinking about your business’s cyber attack preparedness, you should first adopt the mindset that it’s not about if your business will be threatened, it’s about when it will be threatened. Cyber threats are so commonplace that you’ll need to assume the worst will happen in order to make sure you’re completely prepared. From there, we recommend you follow a three-step approach to preparedness:
- Strategic Planning
The first part of any cybersecurity approach should always be strategic planning with IT security management and senior-level organizational leadership. They’ll be responsible for determining the scale and priorities of a protection program’s immediate and long-term goals. As they do this, they should consider: the budget allocated for cybersecurity; what systems, data, and operations should be protected; and how much inconvenience or operational disruption is acceptable to ensure protection.
The second step of the preparedness process is the operational level. This part of your cybersecurity planning process should take a few weeks to a few months at most. The goal of the operational level is to identify current and emerging threats, including their motivations, methods, and campaigns. This will help your business create a plan for resource allocation and system implementation for your protective needs. During this step, the following should be considered: What would make the business a desirable target; if the business or company currently has the right personnel employed to ensure protection; how current incident response procedures can be improved; how current employees can be better educated on scams like phishing; and if third-party vendors with access to company data have been properly vetted for cybersecurity protections.
It is important to take all the steps to prevent such an attack, but it is also important to have a plan to handle the situation if the worst occurs. Have a plan to work with your employees to maintain and control the situation. Make sure to have a list of all the emergency contacts you need to inform about the attack (banks, lawyers, etc.). If the result is a power outage, you must be prepared to protect your employees. It is important to have necessary emergency supplies on hand, such as emergency power and lights. Reliable and consistent power will be extremely important in surviving a disaster. Being able to safely and consistently charge a phone during an emergency, or use a laptop or radio, will enable you to communicate important information and receive important emergency updates. Having consistent power to illuminate an area will be crucial for safety and dealing with the disaster.
The third step is the tactical level. This is the day-to-day monitoring and investigative tasks that take place on the ground in the IT department of a business. The department and the IT systems employ the cybersecurity strategies set by the strategic and operational prongs of the business’s protection plan. On the tactical side, threats from both outside and inside a business are mitigated (and yes, unfortunately, the latter does happen — intentionally and unintentionally). Data, information, analysis, and report compilation happen on the tactical side as well, and all of these are critical for a C-suite’s evaluation of the cybersecurity plan’s effectiveness.
For companies and businesses that have the resources, it’s always a wise decision to hire a third-party cybersecurity expert to help carry out the tactical approach and help fine-tune the strategic planning and operational steps. An outsider will be better able to provide risk mitigation services like:
- Continuous network attack monitoring
- Offline and off-site backups
- Business recovery implementation
- Intelligence collection on emerging security threats
- Vulnerability scans
- Incident response and forensics
LifeSecure is a Northbrook, IL-based company that manufactures and distributes emergency preparedness products. In line with CEO David Scott’s mission to better equip the community and beyond for life-threatening situations, the company creates superior emergency and disaster survival solutions, such as kits and supplies. LifeSecure makes an ongoing study of how best to prepare for and respond to various natural and man-made disasters so that consumers can Live Life Secure. To see our full inventory, please visit our homepage. For immediate help or questions, call us at 877-877-5522.