Feature
crisis management Alamy
IT Operations and Management>IT Operations

Preparing for the Worst: Essential IT Crisis Preparation Steps

Bad things can happen to any organization at any time. Comprehensive crisis preparation will speed the recovery and keep operations flowing smoothly.

Are you feeling lucky? If your IT organization hasn't yet prepared itself for a crisis, that's about the only thing you can hope for.

Alan Brill, senior managing director in the cyber risk practice at risk consulting firm Kroll, believes that the biggest crisis issue facing IT leaders is assuming that bad things will never happen to their organizations. "There has to be an understanding ... that things can change very rapidly," he says. Today's enterprises are highly interconnected. "You rely on supply chain partners, outsourced providers of ... services, and software that can suddenly become a huge security risk," Brill warns.

Related: The Unintended Consequences of Banning Ransomware Payments

Brill reiterates that the biggest risk in crisis preparation is failing to believe that your organization can ultimately become a victim. "Without that acceptance, that you really are a target, planning becomes a nuisance instead of a key element of how your organization operates."

A Holistic Approach

While technology plays an important role in crisis response, it's only one part of a comprehensive strategy, says Sean O'Brien, cybersecurity lecturer and Yale Law School Fellow. "Effective crisis preparation requires a holistic approach that takes into account the needs of all stakeholders, including employees, customers, and the broader community," he states.

Doug Glair, director of cybersecurity at technology research and advisory firm ISG, says he still sees enterprises that lack any type of comprehensive crisis management structure. Meanwhile, other organizations have a plan, yet may only practice it once every few years, despite the fact that circumstances can change rapidly. "Technologies change, people change, business processes change, and an old plan can be as dangerous — if not worse — than no plan at all," he warns.

First Steps

Crisis preparation begins with planning — outlining the steps that must be taken in the event of a crisis, as well as procedures for data backup and recovery, network security, communication with stakeholders, and employee safety, says O'Brien, who founded the Yale Law School Privacy Lab. "Every organization should conduct regular drills and simulations to test the effectiveness of their plan," he adds. …

Read the rest of this article on InformationWeek.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
employees working together at workstation
Can Platform Teams Improve Shared Services?
Mar 06, 2024
acronyms
Essential IT and Cybersecurity Acronyms Every ITOps Pro Should Know
Feb 19, 2024
two road signs--one "outsourcing" and the other "in-house"
Striking the Right Balance: When IT Outsourcing Is Not Beneficial
Feb 14, 2024
SRE under a magnifying glass
SRE Practices Evolve as Systems Become More Complex
Jan 10, 2024