Cyber Security Threats – How can you Prepare and What to do After
Cyber security threats are an ever-growing issue as technology and digital information continue to grow and evolve. These incidents are malicious attempts to steal or destroy data or to disrupt computer systems, and they could result in a breach of personal or personal health information. Some common security threats include malware, phishing, and ransomware.
What steps can an organization take to reduce the risk of a cyber security incident and any potential breaches that may come from it? The following are some things to consider:
- Keep your software and systems updated regularly.
- Use strong passwords and change them frequently to limit the risk.
- Use security software and a firewall to protect your network and data.
- Use multi-factor authentication for your accounts.
- Back up your data regularly.
- Train yourself and your staff on basic cyber security principles and how to spot suspicious activity.
- If you use an outside information technology provider or information management services provider (IMSP), be sure to have agreements in place for regular monitoring of security threats and updating of any security software.
- Develop and follow cyber security policies and procedures.
- Have a cyber incident management plan in place so that managing the attack can begin immediately and staff know their roles.
A cyber security incident has occurred – now what?
Implement your cyber security incident management plan, which may include things like the following:
- Identify potential evidence, preserve it, and ensure nothing is lost or damaged.
- Isolate your network from the Internet and activate your incident response plan.
- Take note of who was present in your organization before, during, and after the incident.
- Appoint a point of contact for law enforcement officers to speak to directly and gather information about the incident.
- Document the report number provided to you by law enforcement.
- Anticipate that law enforcement may need access to your equipment to analyze the technological components of the cyber incident. The police will work with you to collect evidence while minimizing the impacts to your business and recovery efforts.
- Provide logs, employee statements, emails, and other similar items as potential evidence.
- Produce a list of key contacts within your organization for law enforcement.
- Communicate the incident to staff, business associates, clients, and partners.
- Review your cyber security policies and ensure your staff receive training.
- Consider purchasing anti-malware and anti-virus software for your network and devices.
- Enhance your data security with protective measures (e.g., firewalls, virtual private networks, encryption).
- Prepare your organization for the possibility of testifying in court.
Government of Canada. (November 2021). Have you been a victim of cybercrime?
Our office has issued some investigation reports involving this topic:
Some resources available for information on these types of incidents: