The 5 New Year’s Resolutions CSOs Should Have Made
It’s February. We all know you aren’t going to the gym and eating a salad every day, so let’s stop pretending you’re keeping any of your other new year’s resolutions. But instead of beating yourself up, let’s talk about the resolutions you should have made – the ones that are actually going to stick and make your life easier. They might even impress your boss.
This is the time of year to pull your incident response plan off the shelf, dust it off and read it in the context of 2017. Does it still meet your company’s needs? Have you brought new personnel into key roles? Do you still have a detailed guide for recovering a system that you replaced last year? Do you use the word “prevention” more often than “mitigation”? If you said yes, then it might be time to shed a few pounds of outdated guidelines.
It’s not enough to just audit the fat out of your old plan. You need to actually incorporate smarter, fresher thinking. In 2017, healthy incident response planning means realizing that there’s a lot more to being resilient than just getting your network back up and running. Today, your reputation has to be resilient, too. Businesses spend billions annually to build and maintain strong, industry-leading reputations, but a single cyber incident can wipe out that investment and tank the value of your brand and company. For 2017, incorporate a communications response into your plan before a crisis hits, and reduce the risk of an ineffective response leading to a costly public backlash.
As Vince Lombardi so famously said, “Practice does not make perfect. Only perfect practice makes perfect.” Obviously you know how to practice your plan, but are you exercising it effectively? Only a realistic training scenario can tell you whether you have a good plan in place. It’s a brave new world. News doesn’t just come from your press releases anymore. With so many messengers on social media and online blogs, information moves quickly. You have to be prepared for leaks and misinformation to reach your stakeholders, prompting questions you may not be ready to answer. The most effective way to stay ahead of this curve in the midst of a crisis is to practice like you’re really in one.
The real cost of a data breach comes in post-incident revenue loss. When you break trust with your clients, the impact on your company’s bottom line can be deep. Being truly resilient means minimizing the impact. Through fluency in both reputation management and security, a good crisis communications plan bridges the gap between information security requirements and PR demands. By incorporating a communications response into your incident response plan, you can save your company millions in today’s lost revenue and tomorrow’s potential earnings.
Live Life to the Fullest
The quickest way to fill your life with more excitement is to make new friends. New people bring fresh ideas and expertise, which is exactly why you should go meet the communications team. Despite what you may think, you really do have a lot in common – mainly, you both want to protect your company. You may go about it in different ways, but at the end of the day, you’re going to be on the same team when an incident occurs. Meeting them now and bringing them into your planning process will save you precious time later when you don’t have to explain the difference between “viruses” and “malware.” Besides, when something goes wrong, you’ll need all the friends you can get.
As we kick off 2017, rethinking a few basic resolutions will help you stay ahead of the curve, increase your resilience and reduce your company’s overall risk. Now, doesn’t that sound better than trying to floss every day?