Preparing for the Worst: Essential IT Crisis Preparation Steps

Bad things can happen to any organization at any time. Comprehensive crisis preparation will speed the recovery and keep operations flowing smoothly.

InformationWeek

June 8, 2023

2 Min Read
crisis management
Alamy

Are you feeling lucky? If your IT organization hasn't yet prepared itself for a crisis, that's about the only thing you can hope for.

Alan Brill, senior managing director in the cyber risk practice at risk consulting firm Kroll, believes that the biggest crisis issue facing IT leaders is assuming that bad things will never happen to their organizations. "There has to be an understanding ... that things can change very rapidly," he says. Today's enterprises are highly interconnected. "You rely on supply chain partners, outsourced providers of ... services, and software that can suddenly become a huge security risk," Brill warns.

Brill reiterates that the biggest risk in crisis preparation is failing to believe that your organization can ultimately become a victim. "Without that acceptance, that you really are a target, planning becomes a nuisance instead of a key element of how your organization operates."

A Holistic Approach

While technology plays an important role in crisis response, it's only one part of a comprehensive strategy, says Sean O'Brien, cybersecurity lecturer and Yale Law School Fellow. "Effective crisis preparation requires a holistic approach that takes into account the needs of all stakeholders, including employees, customers, and the broader community," he states.

Related:The Unintended Consequences of Banning Ransomware Payments

Doug Glair, director of cybersecurity at technology research and advisory firm ISG, says he still sees enterprises that lack any type of comprehensive crisis management structure. Meanwhile, other organizations have a plan, yet may only practice it once every few years, despite the fact that circumstances can change rapidly. "Technologies change, people change, business processes change, and an old plan can be as dangerous — if not worse — than no plan at all," he warns.

First Steps

Crisis preparation begins with planning — outlining the steps that must be taken in the event of a crisis, as well as procedures for data backup and recovery, network security, communication with stakeholders, and employee safety, says O'Brien, who founded the Yale Law School Privacy Lab. "Every organization should conduct regular drills and simulations to test the effectiveness of their plan," he adds. …

Read the rest of this article on InformationWeek.

Read more about:

InformationWeek

About the Author

InformationWeek

InformationWeek, a sister site to ITPro Today, is a trusted source for CIOs and IT leaders seeking comprehensive and authentic coverage of the constantly evolving world of technology and its impact on business. Our experienced and ethical journalists conduct in-depth examinations of crucial issues and the impact of global events on IT operations and strategies, helping forward-thinking executives stay at the forefront of their industries. InformationWeek also provides a platform for enterprise IT leaders and leading tech companies to share their insights and experiences through exclusive interviews, opinion pieces, and events, offering firsthand accounts of strategies, trends, and innovations.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like