Preparing for the Worst: Essential IT Crisis Preparation Steps
Bad things can happen to any organization at any time. Comprehensive crisis preparation will speed the recovery and keep operations flowing smoothly.
June 8, 2023
Are you feeling lucky? If your IT organization hasn't yet prepared itself for a crisis, that's about the only thing you can hope for.
Alan Brill, senior managing director in the cyber risk practice at risk consulting firm Kroll, believes that the biggest crisis issue facing IT leaders is assuming that bad things will never happen to their organizations. "There has to be an understanding ... that things can change very rapidly," he says. Today's enterprises are highly interconnected. "You rely on supply chain partners, outsourced providers of ... services, and software that can suddenly become a huge security risk," Brill warns.
Brill reiterates that the biggest risk in crisis preparation is failing to believe that your organization can ultimately become a victim. "Without that acceptance, that you really are a target, planning becomes a nuisance instead of a key element of how your organization operates."
A Holistic Approach
While technology plays an important role in crisis response, it's only one part of a comprehensive strategy, says Sean O'Brien, cybersecurity lecturer and Yale Law School Fellow. "Effective crisis preparation requires a holistic approach that takes into account the needs of all stakeholders, including employees, customers, and the broader community," he states.
Doug Glair, director of cybersecurity at technology research and advisory firm ISG, says he still sees enterprises that lack any type of comprehensive crisis management structure. Meanwhile, other organizations have a plan, yet may only practice it once every few years, despite the fact that circumstances can change rapidly. "Technologies change, people change, business processes change, and an old plan can be as dangerous — if not worse — than no plan at all," he warns.
First Steps
Crisis preparation begins with planning — outlining the steps that must be taken in the event of a crisis, as well as procedures for data backup and recovery, network security, communication with stakeholders, and employee safety, says O'Brien, who founded the Yale Law School Privacy Lab. "Every organization should conduct regular drills and simulations to test the effectiveness of their plan," he adds. …