Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Why does it always happen to HR on a Friday!

published on 2022-03-15 09:11:18 UTC by fionabail
Content:

Well, it doesn’t, it can happen at any time but let’s take the Friday afternoon example.

Imagine…

Friday afternoon. Work slowing down, anticipation of a relaxing weekend ahead. In fact, you have tickets booked to see your favourite show.

Come on 5 o’clock, well maybe 4 o’clock, it is a Friday after all.

Man in suit, sitting in chair relaxing overlooking scenic view

But then…

Image of computer screen showing ransomware message

WHAT!!??!!

Um…

What do I do now?

Pull out the incident response plan.

What’s that? You haven’t got one? Oh.

What’s an incident response plan?

A procedure to follow in the event of a cyber incident so everyone knows what to do and who is responsible for doing what. Having a plan in place can help respond to incidents effectively and enable a calmer response.

What’s a cyber incident?

Image of crime scene tape with someone in white paper suit and blue latex gloves holding the tape

The National Cyber Security Centre (NCSC) defines a cyber incident as:

  • A breach of a computer system’s security policy to affect its integrity or availability.
  • The unauthorised access or attempted access to a computer system.

So, in layman’s terms, a cyber criminals is trying or has succeeded in breaching your systems and stealing or encrypting or infecting your data.

Do I really need one?

Yes.

If your computer systems went down, how would you contact your staff?

Would you pay a ransom if you were infected with ransomware?

What contact number do you need for your IT; is the number you need on the system that you can’t access?

Creating an incident plan is a little like have a fire escape route and assembly point planned out. It makes you consider the actions that you will take in the event the worst happens, and by having an answer to the questions already, means you have one less thing to worry about when potentially you have a serious incident on your hands.

How do you start creating a plan, it seems like a lot of work!

As a starting point we have created a template for you to start building your plan from. You can download it here.

The template contains flowcharts and checklists as well as posters so that your team can see what actions they need to take should they be the first aware of a problem.

Image of title page of the incident response plan template

What else should you do?

Like running fire alarm drills, you should also practice your incident response plan and make sure that it is as good as possible before you need it. You want to be able to sleep through a storm and not worry that your roof is going to be blown off.

We can help you to do this by running business continuity exercises. We use elements of the international business continuity management systems standard ‘ISO/IEC 22301:2019’ as a model to review your continuity planning and includes aspects such as internal and external (customer and public) communications, recovery objectives (tolerable downtime, tolerable service loss), disaster recovery and recovery testing and exercises.

Further guidance & support

The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.

You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.

We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.

Policing led - business focussed

Article: Why does it always happen to HR on a Friday! - published over 2 years ago.

https://www.ecrcentre.co.uk/post/why-does-it-always-happen-to-hr-on-a-friday   
Published: 2022 03 15 09:11:18
Received: 2022 03 15 09:30:43
Feed: The Eastern Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor