PREVENTING A CYBERATTACK (Part 2)

This is the second installment in a six-part discussion on the best practices to prevent a cyberattack.  The first part discussed four critical steps to prepare a business for a cyberattack.  These included: (1) identifying the crucial assets and functions of a business, (2) creating a Response Plan, (3) installing the appropriate technology, and (4) obtaining authority for network monitoring.  This article builds on those steps by suggesting further best practices to prevent a cyberattack.

5. Align Business Policies with the Response Plan

When an organization creates a Response Plan for a cyberattack, it must ensure that the plan is consistent with preexisting business policies within the organization.  In order for the Response Plan to be implemented effectively, it cannot clash with any of the business’s standard operating procedures.  For example, if the Response Plan states that whoever discovers the cyberattack must alert the entire organization, but the organization’s policy prevents an employee from emailing the entire company, there is a problem.  By testing the Response Plan, organizations can locate these potential problems before a credible cyberattack occurs.  Another important practice is to suspend the network access of former employees as soon as they are terminated.  This practice guards against the liability of an angry employee seeking revenge via a cyberattack.

6. Ensure Legal Counsel Understands the Legal Response to Cyber Incidents

Cyberattacks create unique legal situations that may be unfamiliar to a business’s legal counsel.  An organization should rely on its legal counsel for assistance in creating its Response Plan.  A legal counsel’s understanding of its client’s Response Plan can save valuable time and resources in the event of a cyberattack.  Legal counsel can instruct a business on its obligations to report breaches to customers, its ability to terminate employees based on cyber incidents, and the privacy concerns associated with network monitoring.  A business should also ensure that its legal counsel understands possible legal action that it can take, both in the short term and the long term, in the event of a cyberattack.  Legal counsel who are familiar with cyber security laws will be better equipped to immediately assist clients if a cyberattack occurs.

7. Cultivate Relationships with Cyber Incident Information Centers

Access to a network of cyber intrusion news and information can be a valuable resource for a business that wants to keep ahead of the latest threats.  Organizations that collect and disseminate cyber security information exist in every market sector and are commonly referred to as ISACs (Information Sharing and Analysis Centers).  A business that is committed to maintaining a strong cyber security network should subscribe to the appropriate ISACs for its market sector.  This will enable the business to prepare for possible threats and share helpful information.  Businesses in niche sectors can rely on government-created ISAOs (Information Sharing and Analysis Organizations) for their cyber security information.

8. Establish Connections with the Appropriate Authorities

Businesses should establish a working relationship with local law enforcement and cybercrime units before a cyberattack occurs.  Familiarity between law enforcement and a business will allow for a more accurate and efficient response in the event of a cyberattack.  On the federal level, the Federal Bureau of Investigation and the U.S. Secret Service frequently deal with cyberattacks. Each agency has a department that conducts outreach to private businesses. The departments are the FBI’s Cyber Task Force and the Secret Service’s Electronic Crimes Task Force.  A business should contact these agencies to review its Response Plan and seek support prior to a cyberattack.