Are you ready for disaster?
It’s likely that you and your staff are already well aware of the need to take a robust approach to online security.
Cyber-attacks are on the rise with attempts expected to reach at least half a million per year by the end of 2016. These attacks are also becoming more sophisticated with most types of Malware being designed to operate undetected.
Any system can be vulnerable to attack from Malware, even where there are good security systems in place. This is particularly true over the Christmas period. Plenty of hackers have day jobs or may even still be at school! The holidays allow them extra time to work on viruses and denial of service attacks.
In this week’s blog, we wanted to talk about the steps you should take if your system falls victim to an attack and how you can protect your business from suffering further damage as a result.
Types of attack
Your system can be vulnerable to different types of attack depending upon the Malware being used. Some will simply cause small and irritating glitches whilst others will corrupt files or prevent you from logging in. Equally, you could find yourself facing a full system lockdown.
Other forms of Malware are designed to gather information or access your system to allow attacks on others, for example by sending viruses or malicious documents out to your email contacts.
Recently, denial of service (or DoS) attacks have become more prevalent as a result of some high-profile cases. Banks and other financial institutions have faced a barrage of attacks where customers have been unable to access their accounts as a result of the attack flooding the network.
Whilst cyber-attacks are often carried out by activists, criminals are also using Ransomware as a means to blackmail their victims into paying for access to be restored.
You may take the view that your small business is unlikely to be vulnerable; however, this couldn’t be further from the truth. Businesses of all sizes are now being targeted so it’s important to have a plan in place should an attack succeed. We often see a pattern of attacks increasing during school holidays so you could be at greater risk when your offices are closed or operating with fewer staff.
The consequences of a successful attack are potentially far-reaching. You may lose valuable business hours if you’re locked out of your system. Some forms of Malware also delete documents or allow access to third parties so sensitive information could be lost or made public.
Depending upon the type of information you hold, your business’ reputation and customer relationships could be badly affected. We’re all aware of how sensitive some commercial information can be so quick and decisive action is imperative.
Your disaster recovery plan
When operations are running normally it can be hard to imagine how an attack might affect your business. We recommend adopting a ‘post-breach’ mindset by reviewing the different types of Malware that might affect your system.
What is the worst case scenario if your data is stolen? How will you contact other members of staff or notify customers if they may also be affected?
It’s increasingly common for lawyers to give advice on cyber security. They can certainly give you good insight into the ways that a breach may affect your business as a whole. However, their practical knowledge is unlikely to be comparable to that of an IT expert.
Whilst you’ll need expert help to devise an appropriate disaster recovery plan, communication with your staff is also key. As a minimum, IT staff should be aware of the steps to take in the event of an attack. However, if your small business doesn’t have a separate IT department it’s likely that every member of staff will need to know how to respond and what action to take.
Stealth attacks can take place over a period of time but an immediate response is likely to be needed when they’re detected. You should make sure that all staff are trained and their knowledge kept up to date.
The chain of command
You may be the boss, but you might not be the best person to take control in the event of a cyber security breach. The day-to-day running of your business demands that each member of the team has clear duties and responsibilities and a cyber-attack is no different. You may find that it’s necessary for your usual role to shift slightly.
For example, you could decide to nominate your resident IT expert to take control of the technical aspects whilst you deal with other matters.
If you’re a small business, notifying your team of an attack may be straightforward, particularly if you all occupy the same office. However, it’s increasingly common for small businesses to outsource to freelancers or other off-site workers.
You may need to contact your clients quickly to warn them of a potential attack on their own system.
The recovery plan should always include a communications protocol that doesn’t rely on email or any other web-based communications. Your telephone system may still be operating but will you have access to any relevant telephone numbers?
How you can approach data recovery and continuity of operations
A good disaster recovery plan should set out how you will recover any lost data whilst keeping everything running. Ideally you’ll have documented lines of communication and details as to the information which will be needed. The clearer the plan, the calmer and better informed your decision making can be.
It’s important that your plan is not just theoretical. It will need to be reviewed and adapted frequently, particularly since new kinds of Malware are emerging constantly.
When your plan has been devised and staff training provided, run a drill. This will enable you to ascertain whether the plan works and also whether your staff have taken everything in. The drills will also allow you to adjust the plan to allow for any unforeseen factors which weren’t included the first time.
Ideally, regular tests will familiarise you and your staff with the procedure so that if a successful attack ever occurs the response will be second nature.
How you can use the cloud
Trusting information to a cloud can seem counterintuitive. Surely clouds are fluffy and not robust security measures? In fact, the reverse is true. Using cloud backup can add an extra layer of security to your data as each system has its own protections. It also reduces the risk of human error as the backup is automatic.
Cloud-based computing is ideal in a disaster recovery situation as everything is held off-site so won’t be affected by a direct attack on your system. This holds true regardless of whether your business falls victim to a cyber-attack or if physical operations are affected by a flood or power failure. You can also access your information straight away from any location.
Do you have a plan in place?
All of this probably sounds pretty daunting if you’re thinking about it for the first time. It can be hard to imagine how your business might be affected if you fall victim to a cyber security breach, or even what form that breach might take.
If you’re not sure where to start, we can help. We offer a free, no-obligation audit of your business and any current plan so you can begin to make informed decisions about your data security. We know that you need to consider the financial aspects and any advice we offer you will be based around that, as well as your current and future business needs.
If you would like to discuss any aspect of your IT solutions, including how to best protect your business network against Malware, give us a call at One Source Communications on 08442 570 111.