Everyone knows that in today’s connected world, businesses need to have a breach readiness plan. But did you know that this plan needs to be updated on a regular basis? While it is hard to determine how often you should update your plan, most cyber security experts agree it should be at a minimum updated on an annual basis.
Your breach readiness plan should include plans for back-up recovery, who your key team members are, and an inventory of assets. Furthermore, the breach readiness plan should be tested on a regular basis to learn of any gaps in the plan. After the test, it is important that the breach response team members address how to fix any gaps in the plan and share information on new threats that have been identified. In between testing periods, here are some signs that you may need to upgrade your breach readiness plan.
You still rely on on-site back-ups
Back-ups are a key part of the plan. If you are backing up your data on a regular basis, excellent. However, having your back-ups on-site is problematic in the event of a natural disaster, equipment failure, or a power outage. Even worse, if your back-ups are on-site and on the network, ransomware has evolved to the point where it can automatically delete any on-site backup files and encrypt the original files. A suggested method to consider implementing is the 3-2-1 backup strategy. This refers to having three copies of any set of data, of which two copies are kept on local devices, such as a server and an on-premise backup appliance. One copy is then kept off-site. While some people suggest the clous to store back-ups, if you are able to store the data offline it is even better, as there is less chance of it being infected with ransomware.
You Haven’t Tested Your Breach Readiness Plan in Months
While it is great that you have a plan, but if you haven’t tested it then how do you know if it actually works! To ensure that your plan is effective, test each step of it. With frequent testing, you will have an informed idea of how your organization will perform and be affected by a disaster that threatens business continuity.
Not many people saw the COVID-19 global pandemic coming and nobody knows when it will end. Since then, it has brought about a new normal where most office employees are working from home. Home office workers bring a new threat vector into the business. Have you updated your breach readiness plan to consider BYOD (bring your own device), mobile devices, and IoT? What about remote desktop, and VPN? If you haven’t updated your breach readiness plan to address these issues, now is the time. Waiting for the pandemic to end and hoping for a return to normal is not an effective solution. Many articles, like this CNBC article, suggests that working from home will likely be the new normal for office workers.
Ready to update your breach readiness plan? Contact Uzado today.