Cybersecurity 101: Basics for Business Continuity Professionals
Faced with the persistent threat of cyber attack, is your organization investing time in cyber security training as part of its business continuity planning?
Human error plays a role in a surprising percentage of successful cyber breaches, as it is surprisingly easy for employees to unknowingly open a malicious email or accidentally download a virus. On the flip side, individuals are vital to successful business continuity efforts. By creating a basic cyber security training program at your organization, you stand to not only avoid some cyber threats, but also bolster your business continuity program.
Here, we discuss some of the basics of cyber security so as you collaborate with your IT team, you'll have a better understanding, as well as how it relates to business continuity, to start from.
Cyber Threat Basics
Cyber criminals use a wide range of tactics to attempt to breach an organization’s IT systems. These attacks are the most common and often the most effective:
Malware: Harmful software, such as viruses and ransomware, that gives the attacker a toehold in a user’s computer. Malware can enable the hacker to take control of a computer, monitor activity, attack connected networks, and more.
Phishing: Most often, phishing attempts arrive in the form of an email claiming to be from someone you trust, such as a friend or your bank. The emails typically contain an attachment or link that, when opened, installs malware on your computer.
Denial of Service (DoS): In a DoS attack, hackers purposely flood a website with more traffic than it can handle, which overloads its servers and can cause it to crash.
Man-in-the-Middle Attacks: Hackers can sometimes hijack a user’s browsing session by inserting themselves between the user’s computer and the remote server being used. This allows them to gain access to a user’s private data, such as Social Security numbers and bank account information.
SQL Injection Attacks: In this scenario, a hacker attacks a server that uses SQL, a type of programming language that is used to communicate with databases. The attacker uses malicious code that forces the database to divulge important information, such as passwords, user names, and credit card information.
Cybersecurity and Business Continuity
In today’s world, cyber security and business continuity go hand in hand. If your organization is hit by a cyber breach, your customers, employees, and bottom line are all going to be impacted. Cyber threats remain one of the fastest-growing areas of risk to business continuity.
Best practices involve integrating your IT cyber security response into your overall business continuity structure, instead of having two separate, siloed programs. Following are a few ways to align the two efforts:
- Include IT leadership on your business continuity or crisis management team to ensure that the cyber security perspective is always included in planning, training, and preparation efforts.
- Incorporate cyber security response planning into overall business continuity planning. As with any other crisis, the response for a cyber threat should leverage the strengths and capabilities of every department, rather than simply being the responsibility of IT. For example, consider how the public relations and customer service departments should respond in the event of a cyber breach in order to ensure business continuity.
- Streamline crisis communications using a single cloud-based software platform or mobile application. This will ensure that each department, as well as the crisis management team, has access to all relevant documentation during the fast-moving moment of crisis.
Finally, it’s important to recognize that cybersecurity training should be a priority within any business continuity program. Ensure your employees understand their role in cyber security—e.g., how to identify suspicious emails and how to create strong passwords. Regular training will help ensure that your organization’s people are part of the solution to cyber threats, rather than part of the problem.