Assume for a moment the following events happened within the past few days at ABC Company located in Anytown, USA:
- A kitchen fire on another floor in the building resulted in a building evacuation at 1pm on Monday
- The internet connection went down at headquarters at 8am on Tuesday
- A junior employee’s laptop, placed in an overhead bin, was stolen sometime during a late morning flight on Wednesday
- A power outage hit one of the satellite offices and disrupted work for a few hours in the early afternoon on Thursday
- A breach of the website brought ecommerce to a standstill for most of Friday
For any organization—and any IT Department—what a week! How would your organization respond? Would Monday and Tuesday be chalked up to random events, Wednesday viewed as unfortunate, Thursday as a string of continued bad luck, and Friday a pain but easily restorable from a backup?
What if every event holds a teachable moment?
How would that transform and position your company for success? A 2011 article published in the Harvard Business Review stated, “Our research reveals a pattern: Multiple near misses preceded (and foreshadowed) every disaster and business crisis we studied, and most of the misses were ignored or misread.” All the events above could be viewed as near misses, because each could have been worse in some way: prolonged outages, a closer or bigger kitchen fire, a more senior employee’s laptop stolen, a website held hostage with ransomware, etc. Therefore, it’s important that each event, no matter the size, be addressed before it recurs, because it may not be a near miss next time.
The kitchen fire elsewhere in the building is a good reminder to ensure that the business can withstand a catastrophe at the physical office: Are all paper files scanned? Are files continually synced or regularly backed up to the cloud? Is business-critical infrastructure housed offsite and/or replicated? The internet and power outages serve as cues to confirm whether the business can tolerate such unexpected outages. If not, redundant suppliers should be contacted or alternatives considered, such as cellular fallbacks for internet connectivity, or backup batteries or generators, depending on the business’s criticality and needs. The junior employee’s stolen laptop should prompt the organization to check and/or implement full hard drive encryption and MDM agent software, to review internal policies on whether laptops should travel under the seat in front of the employee, and to adopt other industry-standard passive and active countermeasures that help protect company data after a device has been physically stolen. Finally, the website breach is a teachable moment to ensure that all websites owned and operated by the company serve traffic over HTTPS on port 443, that the server has been hardened against protocol downgrade attacks, that two-factor authentication is in use for all administrators, that the site has HTTP Strict Transport Security (HSTS) enabled, and that the certificate is valid and uses a strong key, among other details.
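As an added illustration of the website items above (this is example configuration written for this article, not BizzSecure’s own material or a configuration taken from any real site), the following nginx site definition redirects all plaintext traffic to port 443, refuses legacy TLS versions so a client cannot be downgraded, and sends an HSTS header. The hostname `www.example.com` and the certificate paths are placeholders to be replaced with the organization’s own values.

```nginx
# Added example, not from the original post. Hostname and certificate paths are placeholders.

# Weak form (for contrast): the site answers plaintext HTTP on port 80 and never
# redirects, so every session can be observed or tampered with in transit.
#
# server {
#     listen 80;
#     server_name www.example.com;
#     root /var/www/html;
# }

# Hardened form: port 80 exists only to bounce clients to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;

    # Permanent redirect; browsers will remember it for this exact URL.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    # Placeholder paths: full chain (leaf + intermediates) and the private key.
    ssl_certificate     /etc/ssl/certs/www.example.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/www.example.com.key;

    # Only modern protocol versions are offered. SSLv3, TLS 1.0 and TLS 1.1 are
    # never negotiated, which is what "hardened against downgrade" means here.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Forward-secret AEAD suites only for TLS 1.2; TLS 1.3 suites are fixed by OpenSSL.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # HSTS: once a browser has seen this header it refuses plaintext for this host
    # (and subdomains) for one year, even if a user types http:// or clicks an http link.
    # "always" makes nginx add the header on error responses too.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /var/www/html;
}
```

Before enabling HSTS, confirm that every subdomain covered by `includeSubDomains` is already reachable over HTTPS, since the header cannot be undone quickly on clients that have cached it. The certificate’s key strength can be inspected locally with `openssl x509 -in /etc/ssl/certs/www.example.com.fullchain.pem -noout -text`, which prints the public key size and the signature algorithm alongside the validity dates.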
BizzSecure’s team of experts has nearly a century of combined experience planning for the worst yet hoping for the best. We’ve seized upon as many teachable moments as possible to ensure that we devise a plan to address each near miss and plan for a brighter future. The first big step in doing so is taking an assessment (PCI, HIPAA, ISO, NIST, among others). These assessments prepare your organization for questions that are not only industry standard but also ones that future clients and auditors may ask in any upcoming stage of business. If an assessment asks whether intrusion detection and intrusion prevention are active on your firewall setup—and those countermeasures are not yet active—this is your “near miss” to address before it becomes too late. Please reach out to BizzSecure at the bottom right-hand corner of your screen and chat with us today to secure a better tomorrow.