<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=3018339815089949&amp;ev=PageView&amp;noscript=1">
Answers to Cyber Security Questions: What to Do RIGHT NOW Blog Feature
Marty Kaufman

By: Marty Kaufman on November 30th, 2020

Print/Save as PDF

Answers to Cyber Security Questions: What to Do RIGHT NOW

Executive Insights | Cyber Security

If you missed the Cyber Security Q&A Panel Discussion that we held earlier this month, you missed out on something big.

On November 6th, we had 56 business leaders join us for a live online event where experts answered burning questions submitted by our clients and local business leaders.

The panelists represented multiple disciplines so that we could cover cyber security and cyber risk from many angles - IT, legal, crisis and reputation management, and insurance.

Thank you to the Accent team for putting this event together, and to our panelists - Crystal Rockwood from Rockwood Communications Council, Brian Reider from BBK LLP, Glen Carlson from McGriff Insurance Services, and Peter O’Campo with Accent. Don Pierro from Empower Lab did a great job moderating.

Even if you watched the event, you should check out the synopsis that includes the recording of the webinar, as well as a list of the top 30 questions and answers.

Here’s a link to the page: Cyber Security Risk Panel Synopsis & FAQs: What Business Executives Want to Know About Managing Cyber Risk

Turn Knowledge Into Action With This 3-Step Action Plan

Becoming informed about cyber security is definitely the first step that anyone should take if they want to improve how they manage cyber risk.

Then, it's time to create an action plan and start doing.  After all, you have to act on the information to make progress towards the better outcome you want.

Here’s how I would distill the information that the panelists shared:

  1. Conduct a cyber security assessment on your network. You need to know where someone can break in and what they would have access to if that happened. An assessment will reveal your risk points so you can make an educated decision on what to do next.
  2. Evaluate your risk and determine if you need insurance coverage. Check your current policy to see how cyber risks are addressed. It’s possible you might already have the coverage you need.
  3. Create a cyber incident plan BEFORE an intrusion happens. This should include a communications plan that details who to notify and in what order. The industry you’re in will determine who you need to communicate with.

Cyber Forensics – What You Do Now Will Help Later

The panel discussion touched on something that I would also add to any action plan – cyber forensics. Cyber forensic teams are enabled with software tools that can retrace the events leading up to a cyber attack.

You're probably thinking, "Good to know that if something happens, I'll call them and they'll see what happened."

Yes, they'll look back at the information that's available, but there's one critical piece that's often overlooked. These enterprise security and cyber forensics tools need to be in place BEFORE anything happens...so the time to get them going is NOW.

The purpose of cyber forensics is to learn how an intruder got into your network so that you can determine what damage was done and prevent the same thing from happening again. This means that in a major cyber event, the first thing you need to do is to stop the spread, “preserve the crime scene,” and call in a cyber forensics expert.

That can be counter-intuitive in the moment when all you’re thinking about is getting back to work. If you immediately start restoring, you risk losing evidence that you might need to get paid for your losses.

Insurance will want to know how the incident happened. If you don’t treat your network as an active crime scene and you’ve already blown away the evidence, you could get stuck. You need the breadcrumbs. Those crumbs wash away when you start restoring.

The Baseline for Security Has Shifted

If you don’t have enterprise security tools, then you probably don’t have true cyber forensics capabilities on your systems yet.

Without a Security Information and Event Management (SIEM) tool that collects and logs data, your cyber forensics team won’t be able to go back in time to see what happened and when. You’ll just be making a best guess.

My advice is to get advanced security tools installed now, BEFORE something happens. It’s much better to do something now and be proactive, than to wait and react after the fact. It’s much less painful for everyone involved.

Marty

 

About Marty Kaufman

Marty Kaufman is Founder and President of Accent Computer Solutions, Inc., a Southern California-based innovator in IT thinking. He got his start in the world of Big Data as Manager of Information Systems for General Dynamics. He earned his B.S. degree in Computer Information Systems from California Polytechnic University, Pomona in 1985 and started Accent Computer Solutions as a consulting firm in 1987. He has spent his entire career researching and implementing Information Technology strategies and processes to help his clients reduce the cost and risk of IT.

  • Connect with Marty Kaufman