You can reduce risks, but you can’t prevent everything.
Think of your business data like you would the human body. There are many things you should do to reduce the risks of illness, injury, and death. The more you do then the better the chances you have of living a healthy life. The same goes with your business data.
There are many “best practices” that will reduce the chances of data leaks, corruption, and loss. No matter what you do, however, there are risks. You must assume something will go wrong at some point.
Knowing how to react to data leaks, corruption, and loss is more critical than trying to prevent every possible risk.
One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks.Stephane Nappo
Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation.
Disaster preparedness is planning for the inevitable.
Knowing what to do in the event of a problem is the most critical element of your security plan.
If your data gets corrupted, what are your data recovery options? How much data can you afford to lose? What if the backup data is also corrupted? What are your other recovery options?
If you discover that your customer data is being leaked onto the dark web, what will you do? Do you notify your customers? Do you take your database offline? Is it an internal leak or a hacker? What’s your first priority? How do you stop the leak? What are your liabilities?
You might not think of every scenario when you do your risk assessment so it’s critical that you think of what happens if and when something goes wrong.