High-profile cyber security breaches such as the recent WannaCry virus shine a spotlight on how prepared – or unprepared – organizations are to deal with security crises.
Cyber criminals are finding more and more ways to infiltrate computer networks using a range of tactics, from malware and phishing to ransomware and hacking to compromise computer systems, steal data and hold entire businesses to ransom.
The best way to manage a cyber security attack is to put measures in place to avoid the situation in the first place. This includes having good security systems, keeping software up-to-date and patched, not using outdated and unsupported software and providing staff with cyber security training.
However sometimes even the best laid plans can go awry and your organization may find itself in the grip of a cyber security crisis. What next?
The first thing to do is not panic. You need to act quickly and assess the threat, and if possible contain it and isolate it and stop it from spreading to other computers on your system.
Next you need to assemble your crisis response team. In addition to representatives from your IT department you should also include teams such as communications, legal and HR depending on the breach and the wider implications that the attack might have on your brand and your internal and external relationships.
The next step is to secure the breach and ensure business continuity as best you can. It may be that only some of your systems are compromised and these will have to come offline while you repair the situation.
Investigate how the breach of your cyber security happened in the first place and put mitigation strategies in place to ensure it can’t happen again.
Throughout all of this you will need to communicate with your staff. The best policy is to be honest about what has happened, and keep them informed of any developments as they the situation unfolds.
Using DeskAlerts is an excellent way of communicating with your employees during a cyber security attack.
Given the nature of viruses and their ability to spread so quickly, sending an email to staff simply isn’t going to cut it when you need them to act immediately. An email buried in an overloaded inbox is easy to overlook.
Sending critical information via the DeskAlerts system will ensure your employees are notified immediately about any internet or security crisis affecting your organization. They can then be given detailed instructions about what to do – or not to do – to avoid the spread of malicious software.
You can also keep them up-to-date about what systems are affected, what systems are working, what sort of data has been compromised and so on.
DeskAlerts can also be used for security awareness training to help prevent attacks. Some 59% of cyber security breaches that befall organizations originate with employees opening suspicious email attachments, clicking malicious links or falling victim to phishing attempts.
By delivering advice straight to their computer desktop as part of an ongoing internal communication education campaign, you can impart practical advice to ensure everyone is on the same page.