Four steps to combatting cybercrime with crisis management
As cybercrime runs rampant, reports of major cyber incidents and data breaches continue to dominate headlines and wreak havoc on organizations of every type – as this infographic shows.
These breaches can have a potentially devastating effect on a company’s reputation or financial position. Yet too many organizations continue to treat these breaches as technical problems that require technical solutions.
Bill Gates famously said that “a company needs to have good business reflexes, to be able to marshal its forces in a crisis or in response to any unplanned event”.
Companies need to remain prepared for such cyber crises. This entails not only creating—and testing—an incident response plan, but also establishing the capability to respond to a significant cyber event with a cyber-crisis management solution. Indeed, the cyber crisis management solution can be your organization’s key to data breach security and survival. Here, we offer our best practice tips for dealing with such breaches.
1. Define what constitutes a crisis
A crisis is defined as a major, unpredictable event that threatens to harm an organisation and its stakeholders. This type of event can strike a business at any time and can arise from a variety of incidents, including natural disasters, accidents, pandemics, fraud or crimes such as kidnapping and product contamination. A security breach resulting in death or injury to personnel, or in damage to property and inventory, can represent a crisis-type event for any organisation. This should be positioned in a roadmap similar to this.
2. Develop a crisis management plan
A well-developed Crisis Management Plan is a crucial part of any company’s risk management strategy. It provides an organization with a competitive advantage and enables a business to effectively respond to a crisis, minimising the impact to the operation and reputation of the company. Any Crisis Management Plan should include a comprehensive security management component that encompasses physical and personal security.
3. Ensure the plan is regularly tested and updated
All organisations should have a Crisis Management Plan that is regularly tested and updated to reflect changes in the business; country and/or political risk; and any other factor which could have an impact on the organisation, its customers or suppliers.
Crises require urgent attention to minimise loss and/or damage to reputation, and therefore crisis plans should be enacted within 24 hours of an event occurring. Security Risk Assessments should be conducted at least every two years and immediately following a change with the potential to alter the risk profile of the organisation. This is particularly important in the financial services sector, where crime has soared in recent years.
4. Run audits to test for the benefits of this roadmap
The benefits of having a crisis management plan that encompasses potential security issues should include:
- reduction in the potential adverse effects that result from a poorly handled crisis;
- protection of people and property;
- ensuring continuity of supply for key customers; and
- obtaining a competitive advantage by having a robust crisis management plan that will allow the organisation to adequately handle any crisis.
The general practice that all enterprises should follow when dealing with crisis management can be summarised with three r’s: react, respond and resolve. PricewaterhouseCoopers has more on this in this useful report.
Are you taking your cyber security seriously in this era of constant crisis management?
image © Andrea Danti - Fotolia.com