Are You Ready for the Next Disaster – Cyber or Natural?

Our ever-connected digital world has recently been thrown into disarray. The CDK breach and CrowdStrike upgrade glitch stopped businesses and services in their tracks causing significant disruption and monetary impact. Implementing digital security is absolutely necessary, but developing a holistic approach that considers an all-hazards approach to business continuity and response capability is imperative.

Recently, Accelerate2Compliance™ hosted a three-part webinar series that addressed Information Security Incident Response Planning, Business Continuity Planning and practical, everyday methods to imbed security into business operations called “Walk the Walk.”  (Links to the three webinars are provided below)

In the first webinar, we discussed the process of developing an incident response plan for your unique organization. The six key elements of a plan were highlighted. Preparation, Incident Identification, Containment, Eradication, Recovery and Reporting were reviewed in the context of how to use the talents of the people in any organization and how to bring in third-party assistance when specific skill sets in these areas are required. A team approach to incident response is necessary in any organization and building this team. Training its members and giving them the tools they need to rapidly and effectively respond to an information security incident dramatically reduces the negative effects of such an event. This webinar concluded with a discussion on how to create response exercises based on likely scenarios we encounter in our businesses. These exercises help you assess the plan, identify areas of confusion and areas in which the business needs outside resources. It also facilitates updates and revision of your policies and can help identify any additional training to make the team members more capable of executing their responsibilities.

In the second webinar, we approached preparedness and response at the next level by talking about general business continuity and how we can plan for and react to a variety of incidents that can disrupt operations. The emphasis in this session was deliberate threat and risk assessments and using these assessments to design mitigation and response plans. The threat assessment process discussed focuses on an all-hazards concept. Human-caused and natural events can both pose threats to business operations. Planning for the most likely and most impactful events can reduce the downtime a business might experience. Again, we talked about the importance of building teams and delegating responsibility, both in preparation for and response to the threats and risk identified through assessments. Because no business can anticipate every possible threat scenario or have the resources to address every possible event, we talked about how to prioritize resources according to the businesses risk tolerance profile.

The final presentation in the series, Walk the Walk, focused on the importance of leadership driven commitment to building a security culture in the organization. Leaders set the tone and climate for virtually everything an organization does and doesn’t do. Leaders that demonstrate the habits they expect of their staff have more effective programs. Leaders that empower their people with key responsibilities have more sustainable and effective programs. This webinar discussed techniques on how to give members of the team responsibility for business continuity related areas from training to response and recovery. We also discussed the importance of making all the aspects of business continuity, information security, and incident response part of daily operations and not a one-off annual event that simply checks a box.

Severe weather, cyber criminals, nation-state threats, industrial accidents, and other threats face business and our personal lives every day. It can all seem overwhelming and make us want to give up, but with planning and preparation, we can make these events a little less daunting. The people we have in our organizations bring unique skills and talents, and when we enlist those skills and talents then enhance them with training and practice, we can significantly reduce the impact these events can have on our business. The examples we see in the news about communities coming to gather to help each other recover from floods, tornadoes, or hurricanes are inspiring. Business Continuity Planning and Incident Response Planning helps a business to build that sense of community on a smaller scale. It will also help to identify the members of your expanded business community with whom you need to develop relationships and incorporate into your plans and exercises.

The team at Accelerate2Compliance can be a part of your security culture and provide the resources and tools to build a strong information security program and consumer privacy rights compliance program. We can be one of your networks of strategic partners to help anticipate and prepare for your worst day.

Please watch our presentations on these key topics and reach out to [email protected] or call us at 844.637.5511 if we can help in any way.

Accelerate2Compliance Incident Response Planning

The only thing worse than a data breach incident, whether on your systems or a critical vendor, is not being prepared for it! This webinar provides an overview of the core components of an incident response plan and how you can best prepare to respond to a breach event. It also discusses who should be on your response team and how you can conduct exercises with your team to refine your plan and prepare your people.

Accelerate2Compliance Business Continuity

What events could disrupt your dealership’s operations? In this webinar, you’ll learn how to identify the types of events that can jeopardize your dealership’s continuous operation, how to assess and evaluate risk across your enterprise, tips on prioritizing resources, and what to consider when contemplating outside assistance in the event of a disruptive event.

Accelerate2Compliance Walk the Walk – Creating a Security Culture

Is your information security program simply window dressing, or is it doing what you need it to do? In this webinar, we discuss the characteristics of an effective information security program, how to balance people, technology, and administration, and techniques for assigning every team member responsibility within your program.