Company Cybersecurity Response Plans Protect Your Business
With so much of life and business happening in the digital realm, effective cybersecurity is more important than ever for your business. Taking security measures is essential, but it’s equally important to have a plan if the worst does happen. A proactive approach to company cybersecurity can make a big difference in stress levels and have a big effect on how your company recovers from a breach.
See 3 Steps to Take After a Data Breach with Robert Anderson Jr. for a complete transcript of the Easy Prey podcast episode.
Robert Anderson, Jr., is the chairman and CEO of Cyber Defense Labs, a full-service cybersecurity company that does both proactive and reactive company cybersecurity. He has been the chairman and CEO for the past five years. His career started with nearly a decade as a Delaware state trooper. After that, he spent twenty-one years as an FBI agent. By the time he retired from the FBI to do cybersecurity in the private sector, he was an Executive Assistant Director. In that role, he was in charge of all global cyber operations and had nearly three-quarters of all FBI agents working under him.
From Law Enforcement to Cybersecurity
Robert didn’t start his career intending to work in cybersecurity. When he started as a state police officer in 1986, digital crime wasn’t a problem. At that time, a bad guy had to break into your house or physically touch you in order to hurt you. Thirty years later, Robert was working with the FBI when they started focusing on virtual currency. Everyone started asking what a virtual currency actually was. There weren’t even any laws about virtual currency – all the laws were about tangible property, and virtual currency wasn’t tangible.
By the end of Robert’s FBI career in 2015, every single conversation with the FBI Director, the Attorney General of the United States, and with Congress focused on cyber topics. Whether it was cyberterrorism, cyber counterintelligence, or cybercriminal activity, every conversation was focused on cyber-related concepts and issues. In over thirty years of watching bad guys, Robert has seen them evolve into digital spaces. That’s why when he retired from the FBI, he started doing company cybersecurity in the private sector.
A Proactive Approach to Company Cybersecurity
“I’m a big believer in anything you can do before something bad happens is the best thing for your company.” – Robert Anderson, Jr.
Robert always encourages companies to think about company cybersecurity before a breach or attack happens. Bringing in experts after a breach or attack is a bit like showing up after a car accident. They can investigate it and fix what went wrong so it doesn’t happen again, but they didn’t prevent it. A proactive approach is always going to be the best decision.
Cyber Defense Labs takes a two-pronged approach to proactive company cybersecurity. One side of that approach is looking internally. What policies and procedures are in place? Is the company prepared for a breach or ransomware attack? Do they know what to do with their data? Is the company resilient? Is the data segmented? Can they get the data back? They examine the processes and systems in place to make sure the company is prepared in case of an attack.
The other side of their approach is looking outside to secure against attacks. They identify endpoints and put up protection and firewalls around them. They look at risks on the managed service side of things. Are there bad guys “knocking on the door” trying to get in? They identify where they’re knocking and put defenses around those places.
Cyber Defense Labs tries to cover both the internal and external sides of cybersecurity because breaches aren’t just business interruptions. Once a breach happens, it’s a critical incident. It could even be the end of the company if it isn’t handled quickly and correctly.
The Essential Thing Almost Every Company Gets Wrong
Robert worked on thousands of breaches when he was with the FBI, and has worked on thousands more in the private sector. And he’s found that most companies don’t have a process for recovering data backups. They know they need redundant data and segmented data and to be able to restore the systems. But they don’t actually know how to restore those systems or if the backups even work.
In ninety percent of the companies Robert has worked with, even a written incident response plan doesn’t work. He sits down and runs them through a mock incident with their written plan, and it never fails that something no longer works. Critical pieces were handled by people who aren’t with the company anymore, or they have data backups but don’t know where they are or don’t have someone with the skills to restore them. They have a plan and it would pass an audit, but they would never be able to actually implement that plan in case of a crisis.
Having a plan that actually works is the foundation of good company cybersecurity and managing a critical incident. Cybersecurity and its problems need to be a daily conversation, whether your company has ten employees or a hundred thousand. You don’t need to structure your life around it, but you need to have conversations with the leadership team. Have you updated your response plan lately? Are you familiar with the latest ransomware? Just having regular casual conversations about company cybersecurity will put you in a better place to deal with problems.
“This isn’t anything advanced. This doesn’t even cost you any money. You just need to exercise the plan.” – Robert Anderson, Jr.
The Threat of Ransomware
In a ransomware attack, a cybercriminal accesses your device and encrypts all your data. You then can’t access your data until you pay the ransom and the criminal releases it. The conventional wisdom is that if your company is hit by a ransomware attack, you can just restore your data from a backup and not worry about paying the ransom. That works great if you’ve restored from a backup before and know that it works. If you haven’t, it becomes a problem.
Through Robert’s career, he has seen cybersecurity companies pay hundreds and hundreds of ransoms for clients. Why? Because most clients said they had a backup, but when they went to restore it, they found it didn’t actually exist. The company now has a choice to pay the ransom or go out of business. A large portion chose to pay the ransom.
Because the company didn’t have a company cybersecurity plan in place, they were left with a choice between two bad options. They don’t want to pay that ransom, but if they don’t, they won’t get their data back and the company will likely die. If they do pay, they get their data back, but they lose that money and it propagates more ransomware around the world. Cybercriminals will keep doing it as long as it’s profitable, and as long as companies pay the ransoms, it’s profitable.
Changing Laws About Ransomware Responses
Laws and regulations around ransomware have changed dramatically in the last year. Companies now need to be more careful about paying the ransoms. Before even thinking about paying, consult with a law firm. The Department of Justice is taking a harder stance against the victim, and paying a ransom may have legal ramifications.
The Department of Justice has some very strict guidelines around paying ransoms. Ransomware is a trillion-dollar industry, and they’re trying to limit it by limiting payments. If you’re considering paying, they will look at whether it’s legal. Are you violating any type of audit or fiscal responsibility by paying that ransom? Do you need to report it somewhere or make a public announcement? If a company pays the ransom, they may end up with the government digging through their affairs and holding them responsible.
“You need to be informed and understand these laws before you even get near a ransomware thing because inadvertently, as a CEO or chairman of a board, you may make a decision that has civil or legal complications for your own company.” – Robert Anderson, Jr.
Making a Company Cybersecurity Response Plan
The very first thing Robert talks about with clients is what they are going to do in various scenarios. Lots of companies don’t take the time to ask “what if?” An integral part of company cybersecurity is considering those what-ifs and having a plan in place. If a breach happens, how is your company going to respond? Have you verified that you can get your data back if you’re hit by a ransomware attack? If a company doesn’t think through those things, a critical incident has to be managed on the fly. Without a plan, it can quickly become a disaster.
“The time to talk about it is today, not during the ransomware [attack].” – Robert Anderson, Jr.
As children, we all had fire drills at school. The alarm went off, and everyone got up, went out that door, and your class lined up in that particular spot. Everyone knew how it worked. Making a company cybersecurity response plan is a similar concept. You don’t need to be an expert. You can call in experts if needed. But you do need to know what’s going on. When you have a plan, it takes some of the stress out of these incidents. You may not know how to solve a ransomware attack, but with a plan, you know who you’re calling and how it can be fixed.
Get Experts On Board
Prepare a list of experts you’ll call in advance. Find a law firm, a cybersecurity firm, an incident response firm, and anyone else you need. If you have cyber insurance, make sure you know who to contact and what they need to know.
Don’t wait until the day of the breach to meet these people. Meet them, talk to them, interview them, and make sure you’re comfortable with them and they’re experts in what you’re hiring them for. Don’t just rely on internal employees. Even if your company is large and has its own general legal counsel, for example, they’re going to be busy with other company matters. Hire an outside law firm that specializes in cybersecurity matters.
Prepare that list of who you’re going to call as part of your company cybersecurity response plan. Be ready to bring in that outside support. Robert suggests having these people on speed dial for an even faster response. Having a list of people who you or someone on your team has met and vetted previously will make handling a worst-case scenario easier. You’ll already know who to call instead of scrambling for whoever is available.
Prepare for Limited Communication
If your company’s systems are locked up by a ransomware attack, how will you talk to your employees and your customers? It’s not as easy as it sounds. Remember, your email is down due to the ransomware. If your employee and customer data is all stored in digital systems, chances are those are locked by the ransomware, as well.
There are ways to communicate, but you have to have a plan. If you haven’t planned ahead, chances are that you won’t be able to tell them anything. They’re going to fill in the blanks with their own imagination if you don’t explain the situation. And whatever they come up with is probably going to be even worse than the reality.
Ensure the Bad Guys are Out of Your System
When you are calling in experts, make sure that you have one that can ensure the bad guys are entirely out of your systems. Robert sees it happen all the time. A company gets through the incident and notifies everyone that the breach is contained. When Robert and his team come in to do breach remediation, they’re told that the bad guys were out three months ago. But while they’re doing their assessment, the company is breached again.
This isn’t because the bad guys got back in. It’s because when they were in the first time, they left something behind that activated remotely and sent more data to the bad guy. It’s like putting a bomb in your desk that’s set to go off after a certain amount of time. The bad guys themselves were kicked out, but everybody missed the bomb they left behind and the bad guys got even more company data. Robert has seen several companies in the last year suffer this.
Robert’s Personal Cybersecurity Measures
After spending so many years working with company cybersecurity, Robert has developed some measures to protect his personal cybersecurity, as well. He uses two-factor authentication on everything. He doesn’t open any email if he doesn’t know who it’s from. In fact, his CFO once had a staff member send him a document to sign, and since Robert didn’t recognize the sender, he deleted it without opening it. When the CFO called an hour later to ask if he signed the document, he asked, “What document?” When she explained about the email, he told her that unless someone calls beforehand to tell him they were sending a document, he’d delete it. Since then, he hasn’t received any document where someone hadn’t called first.
Most people think they don’t have time for that. Robert says you do – or at least someone on your staff does. When he works on company cybersecurity and investigates how breaches happen, it’s not from people trying to destroy the company. It’s from conscientious employees who are busy with work and life. They click something wrong, and suddenly it’s a disaster. Robert’s policy is to be extraordinarily cautious. If he doesn’t know where the email is coming from, he deletes it.
Robert also doesn’t use public wifi, ever. If he’s in an airport lounge, on the train, or even in a coffee shop, he doesn’t log into wifi. He uses the hotspot from his phone. Bad guys love to use public wifi to get access to things they shouldn’t have. Robert doesn’t risk it.
“I know we all [use public wifi] out of necessity … [we] just log on for a second. You don’t realize that potentially there’s a guy or gal that has been sitting there all day waiting for you.” – Robert Anderson, Jr.
Company Cybersecurity is an Uphill Battle
Robert wants people to listen to one thing if nothing else: Educate your employees, team, and staff. Education is the front line of company cybersecurity. No matter how many employees you have, educating them about threats will stop most of them.
“Educate your employees, your team, your staff. … It’s the number one thing. That’s the front line of every company.” – Robert Anderson, Jr.
When Robert was a state trooper in 1986, if you had lights and an alarm on your house, nobody burgled you. It was hard. They went to the next house with less security. You need to think of company cybersecurity like that. The bad guys don’t want to work, they want an easy payday. If you’re not an easy target, they will move on.
The potential for companies to be breached today is very high. If the worst does happen, it can be a lot of stress on executives, employees, and shareholders. Having a company cybersecurity plan in place and taking proactive steps not only makes the crisis easier to deal with, it reduces stress on everyone.
“It’s beyond a business interruption. If you have a large-scale breach, this is a business crisis until it’s handled.” – Robert Anderson, Jr.
Learn more about Robert Anderson, Jr., and Cyber Defense Labs at cyberdefenselabs.com. There, you can find Robert’s contact information, as well as more information about him and all of the executive leadership team. You can also find Robert on LinkedIn.