MSP Success Magazine Special Edition: Lisa & Brian Johnson | Page 25

✓ Do you have a password policy and procedure? More importantly, is everyone in your organization following it?
✓ Do you have current policies and procedures regarding adding antivirus software and patches?
✓ How does your backup work and what does it cover?
“In a recent survey,” Mike says, “one-third of companies admitted their backups were not good enough if they ever had to recover from an incident. They risk losing considerable data and productivity.”
✓ Are you simply protecting your end points with antivirus software?
✓ Do you have a user-awareness training program?
Simply sending out a phishing email test once a quarter is not sufficient. You should implement an ongoing awareness program that trains every team member.
STEP 3: DETECT
People often assume burglar alarms prevent robberies. However, an alarm is more of a detection tool, because it sounds and people are notified of a potential incident. In cybersecurity, the proactive stage of detection is crucial to significantly reducing exposure and preventing data theft.
✓ Can you detect when your network is potentially compromised?
✓ How soon after this compromise do you get an alert?
“Many ransomware attacks start with the hacker breaking into the system months before they lock your data and request a large payment,” Mike says.
STEP 4: RESPOND
You come into the office, find your system is down, and can’t access any files. Fear consumes you as you stare at a daunting message saying you won’t get your customer records until you pay $25,000 — or more. What do you do? Mike says, “The steps you take next could very well determine if you get your data back, how much you pay, if anything, and just how long your employees are sitting idle and unproductive.”
✓ How do you mitigate the threat and isolate it to a single computer?
“Most people simply turn off the compromised computer,” Mike says. “That’s not necessarily what you do. Rather, you keep it on and disconnect it from the network. Also, instead of scrubbing the machine, it’s important to do forensics on it to prevent further damage.”
✓ Have you documented your response plan?
✓ Whom do you need to call — your cyber liability insurance or the authorities?
✓ What is the message you want your staff to convey to customers, clients, vendors, etc.?
STEP 5: RECOVER
“This is why I love my job and our team,” says Mike. “In the rare case where a client endures a cyberattack, I get to call and tell them that our managed backup-solution process worked — we successfully remediated the exposure and recovered all their files. At that moment, I can feel all their worries melt away.”
But if you want a happy ending to your own story, it’s crucial that you have a plan in place to successfully restore and return your affected systems and devices back to normal. Here are questions to consider during the recovery step:
✓ Can the system be restored from a trusted backup?
✓ How soon can systems be returned to production?
✓ How do you ensure similar attacks will not reoccur?
For over 27 years, Mike Moran and his team have been affiliated with their clients to help them accomplish their goals. He says, “We have customers who have counted on us for 12, 15, and even 18 years. We do everything we can to improve their protection and improve their efficiency. We are affiliated with them, and they are affiliated with us. Hence, our name — Affiliated Resource Group.”
For more information on Affiliated Resource Group, visit AResGrp.com.
9 QUESTIONS EVERY ORGANIZATION NEEDS TO ANSWER TODAY
You should never abdicate the critical pieces of your business. That includes information technology. While your internal IT team or third-party IT provider should handle your cybersecurity technical environment, you should also have a clear picture of your cybersecurity policies and procedures. After all, a cyberattack will negatively affect your business, your finances, and your productivity.
At the very least, you should know the answers to these nine crucial questions:
1) What do we want to protect?
2) What are we required to protect?
Mike Moran says, “Your state, your industry, and the type of data you collect determine if you must protect that data or risk fines and lawsuits.”
3) How are our applications prioritized, and which of them are most important?
4) What are the relevant threats to our organization?
“While everyone thinks of external threats like ransomware and viruses, you must also consider internal threats,” says Mike. “As an example, your customer list is an attractive asset to employees who are considering leaving the organization.”
5) How comfortable are we as an organization with our ability to actively respond?
6) Who is responsible for our programs?
Mike says, “Simply saying, ‘My internal IT team or our third-party IT provider is responsible’ is the wrong answer. Everybody in your organization, especially the leadership, is responsible.”
7) Do we have a response plan in place in case we get hit?
8) When was the last time we reviewed and updated our systems or had a risk assessment?
9) Can we do this ourselves?