Meadows Bank
Accounts Loans Services Connect
www.meadowsbank.bank May 2022
HOME
Disaster Preparedness

Have you ever wondered how large companies recover from cyber attacks that result in huge data breaches or even natural disasters?  Have you thought about what you can do to recover if you, your family or your business faced a cyber incident or natural disaster?  In this month’s issue, we will discuss the importance of disaster preparedness based on the well-known National Institute of Standards and Technology (NIST) framework; Identify, Protect, Detect, Respond and Recover.  This framework can be adapted to cyber incidents or natural disasters.

Identify is the first step in disaster preparedness.  This involves considering threats that are likely to occur where you or your business is located and the resulting impact if the disaster occurred.  For instance, power outages may be more prevalent in some areas than a tornado.  Or hurricanes may be frequent in certain parts of the country that do not experience earthquakes.  In the cyber world, spear phishing or CEO fraud may target all companies, but those accepting credit card payments may be specifically targeted in a different way.  Taking the time to identify the likelihood and impact of specific threats will prepare you for the next step of protecting your valuable assets.

Protect is the step in this process where you consider security measures that you can put in place.  To protect against cyber threats, you may consider digital/logical tools like antivirus programs, firewalls, training, network segmentation and access control.  Physical security could include door locks, alarm systems (fire and burglar), surveillance cameras and proper lighting.  Having put in protective measures, you will next need to have tools to detect indications of compromise.

Detect is the process of discovering if a breach has occurred.  In this case, physical detection is often easier than digital forensics.  In the case of theft, individuals may readily notice items missing or evidence of forced entry.  In the cyber world, tools such as intrusion detection and intrusion prevention are essential to detect a compromise of your systems.  Other valuable tools include reporting and alerting, management oversight and network review.  Despite these three steps, you may still fall victim to an attack or disaster.  In that case, the next step in the framework is to respond.

Respond is a crucial step if disaster or attack happens.  This is when having a well thought out plan, based on a solid framework, such as NIST, will help you to work through the crisis.  Things to keep in mind when responding to a natural disaster or physical theft is to always think safety first.  Is the facility structurally sound for reentry?  Is there a criminal element still present?  If access is safe, the response process could include contacting all critical parties, including certain agencies, preparing a report of events, confirming the well being of others and securing remaining valuable assets.  Responding to cyber-attacks should include segregating affected systems, engaging a digital forensics team, systems hardening and notification to key stakeholders and certain agencies.  Once the respond process is complete to a satisfactory degree, the final step is to recover.

Recover is the final step in the NIST framework where you return to normal operations.  This step is vital to moving forward.  It includes creating a list of lessons learned to be better prepared in the future, improving processes where needed and communicating with key stakeholders.

The NIST framework is much more comprehensive than we can address here, but we hope this overview will help in your disaster preparedness efforts.  In addition to having a plan in place, it is critical to test the plan regularly to make sure it meets your needs.  Meadows Bank has adopted the NIST framework as part of our overall information security program.  For more information on the framework, please visit nist.gov.


[PRINTER FRIENDLY VERSION]
Tell A Friend
Locations/Hours Contact Us Privacy Policy Subscribe
Archive
April 2022
March 2022
February 2022

[MORE]
Equal Housing Lender, Member FDIC
Published by Meadows Bank
Includes copyrighted material of IMakeNews, Inc. and its suppliers.
Powered by IMN