[BreachExchange] The 5 New Year’s Resolutions CSOs Should Have Made

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 14 19:34:28 EST 2017


http://www.securitymagazine.com/articles/87810-the-5-new-years-resolutions-csos-should-have-made

It’s February. We all know you aren’t going to the gym and eating a salad
every day, so let’s stop pretending you’re keeping any of your other new
year’s resolutions. But instead of beating yourself up, let’s talk about
the resolutions you should have made – the ones that are actually going to
stick and make your life easier.  They might even impress your boss.

Lose Weight

This is the time of year to pull your incident response plan off the shelf,
dust it off and read it in the context of 2017. Does it still meet your
company’s needs? Have you brought new personnel into key roles? Do you
still have a detailed guide for recovering a system that you replaced last
year? Do you use the phrase “prevention” more often than “mitigation”? If
you said yes, then it might be time to shed a few pounds of outdated
guidelines.

Eat Healthy

It’s not enough to just audit the fat out of your old plan. You need to
actually incorporate smarter, fresher thinking. In 2017, healthy incident
response planning means realizing that there’s a lot more to being
resilient than just getting your network back up and running. Today, your
reputation has to be resilient, too. Businesses spend billions annually to
build and maintain strong, industry-leading reputations, but a single cyber
incident can wipe out that investment and tank the value of your brand and
company. For 2017, incorporate a communications response into your plan
before a crisis hits, and reduce the risk of an ineffective response
leading to a costly public backlash.

Exercise

As Vince Lombardi so famously said, “Practice does not make perfect. Only
perfect practice makes perfect.” Obviously you know how to practice your
plan, but are you exercising it effectively? Only a realistic training
scenario can tell you whether you have a good plan in place. It’s a brave
new world. News doesn’t just come from your press releases anymore. With so
many messengers on social media and online blogs, information moves
quickly. You have to be prepared for leaks and misinformation to reach your
stakeholders, prompting questions you may not be ready to answer. The most
effective way to stay ahead of this curve in the midst of a crisis is to
practice like you’re really in one.

Save Money

The real cost of a data breach comes in post-incident revenue loss. When
you break trust with your clients, the impact on your company’s bottom line
can be deep. Being truly resilient means minimizing the impact. Through
fluency in both reputation management and security, a good crisis
communications plan bridges the gap between information security
requirements and PR demands. By incorporating a communications response
into your incident response plan, you can save your company millions in
today’s lost revenue and tomorrow’s potential earnings.

Live Life to the Fullest

The quickest way to fill your life with more excitement is to make new
friends. New people bring fresh ideas and expertise, which is exactly why
you should go meet the communications team. Despite what you may think, you
really do have a lot in common – mainly, you both want to protect your
company. You may go about it in different ways, but at the end of the day,
you’re going to be on the same team when an incident occurs. Meeting them
now and bringing them into your planning process will save you precious
time later when you don’t have to explain the difference between “viruses”
and “malware.” Besides, when something goes wrong, you’ll need all the
friends you can get.

As we kick off 2017, rethinking a few basic resolutions will help you stay
ahead of the curve, increase your resilience and reduce your company’s
overall risk. Now, doesn’t that sound better than trying to floss every day?