Cyber Security Today, Jan. 3, 2023 – Resolve to start the new year by honing — or starting — your cybersecurity plan


Welcome to Cyber Security Today. It’s Monday, January 2nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for


Happy New Year to all of you.

My tradition since the podcast began is to start the first episode of the year with New Year’s Resolutions for IT and security leaders. Because you should resolve to do things more efficiently, more methodically and more strategically than last year. You need a cybersecurity plan.

I’m speaking to those of you in small and medium-sized businesses with fewer financial and human resources than large organizations.

You may not know where to start. So here’s some advice: Start at the end. Assume there’s been a breach of your security controls five minutes from now. Are you prepared?

Why start there? Because the beginning steps — which I’ll get to shortly — will take time. And time is what you don’t have if there’s a cyber incident. You need an incident response team, and an incident response plan.

First, the incident response plan has to be written, with several copies stored in a safe and accessible place for the incident response team. Why not on a computer? Because the computer with the plan might be hacked, or encrypted.

Second, management and the IT team have to define when the incident response team should be summoned. It doesn’t have to be every incident. Many can be handled by IT alone.

Third, executives need to decide who should be on the incident response team. Membership is your choice. Obviously some or all of the IT security team. But also include someone from internal or external legal (because they will give the team legal advice), communications (because they will have the responsibility of communicating with employees, the media and clients) and perhaps someone from HR. It may also include experts from your vendors or an outside incident response specialist. The IT leader may be responsible for IT response, while an event investigator will gather data for forensic analysis. A team leader should also be appointed, and not necessarily the CEO.

Team members need to be on-call 24/7. When they can’t be — for a family reason, they’re on training or they are on vacation — there have to be designated alternates. Everyone on the team has to have several ways of being contacted in an emergency: Phone, email or text. The contact information has to be kept up to date.

Remember, cyber attacks often start with email being compromised. So the initial message calling the incident response team to a meeting has to be carefully worded. For example, an email and text message might say, “There’s a meeting of the emergency team at the designated physical space,” or “at the designated virtual space.”

And because email might have been compromised it’s a good idea to have an emergency email account set up that is only used for incidents. Ideally, it will be provided by a separate internet provider. At the very least it will have a different name than the organization’s public email address.

Next, the plan should identify a designated place to meet. The easiest is the company board room, but any meeting room will do. Because of COVID or other reasons the team may have to meet virtually. If so, that has to be arranged in advance, along with security measures like passwords and access control. For further messaging with the team, that special email account will have to be used.

Meanwhile, the IT team has to prepare for the worst. They do that by having a “Go Bag” with at least one laptop devoted strictly to dealing with resurrecting the IT infrastructure remotely. It will include all the tools IT needs. And to cover all contingencies, the Go Bag should have a cellphone from a different provider than the one the organization normally uses.

Optimistically, doing these first steps might take two days.

This isn’t everything for the incident response plan. Management has to set out the responsibilities of team members. The IT department should start drafting ‘what-if’ scenarios — also called playbooks — so they are prepared for likely attacks. But at least the groundwork for the response team will be set.

As for the rest of the cybersecurity plan, it begins with making an inventory of all of the hardware and software under the organization’s control, as well as where all the servers with sensitive data reside. From there a patch management priority strategy needs to be worked out. There have to be policies for IT — and possibly business units — to follow on the secure configuration of hardware and software, for user identification, authorization and data access control, for employee training and for data backup and recovery.

I’ve only touched on what you should be doing to create a cybersecurity plan. The internet is full of free resources. Just type “create a cybersecurity plan” or “create an incident response plan.”

If you’re a small or medium-sized Canadian firm look at the Canadian Centre for Cyber Security’s Baseline Cyber Security Controls. There’s also the U.S. Cybersecurity and Infrastructure Security Agency’s Cybersecurity Action Plan for Small Businesses.


The government of Canada’s Get Cyber Safe program has this guide for SMBs.

The Privacy Commissioner of Canada has this guide for protecting personal data for businesses that come under the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

The U.S. Federal Communications Commission has this tip sheet.

Finally, heads of private and public sector organizations should remember two things: Cybersecurity is risk management. IT departments don’t do that. That’s your job. Second, you have to lead. If the organization decides on a policy, you have to be seen to be following it. No exceptions.

That’s it for now. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Jan. 3, 2023 – Resolve to start the new year by honing — or starting — your cybersecurity plan first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
