Imagine – you are busily going about your day when suddenly your meeting is interrupted. “No one can access their files!!!” or “We just accidentally paid $50,000 to a fraudulent account and we can’t get it reversed!!!” or something similar.
What would you do? Where would you start? How would your business respond?
We recently ran a table-top exercise with a number of clients and an external expert.
What did we learn?
1. Be prepared.
Have a written plan. Understand the impacts and what’s important to your business. Have a communications plan. Review it periodically, because things change.
Work this through inside your business. Involve staff from all departments and levels. It is too late to find out key info on day 3!
2. Understand that in a cyber incident you may need expert help.
That’s where your cyber insurance steps up. This may be your first incident, but the bad guys have got years of experience. You are not going to outsmart them on your own. You need expertise.
3. While you must harden your IT platform, it’s your people that are the weakness.
Insurance statistics tell us that the vast majority of incidents start with human error. This is where “fire drills” can make a difference.