Plan for the worst, hope for the best.

A popular saying in life, but also very true when considering cyber and information security for a business.

The main issue in this instance is where to start planning, and what in truth is the worst?

To start the planning phase, you need to understand what the worst could be for the business in terms of cyber and information security. As this could be a wide-ranging question, it can be split into numerous categories depending on your business. These may include internally hosted infrastructure and applications, critical cloud services, third-party suppliers, customer data, company data, physical assets, and staff. The items of concern should be tailored to your business, unless you are looking to follow a best practice framework and address security across all areas.

What is key is understanding your assets, the risks to them, and the impact these can have on your business when something goes wrong. If only there was an exercise you could perform which would assist with this, and that could be updated as the business grows.


I would advise all businesses to perform a Risk Assessment (RA) and get a Risk Register (RR) together. This is the best way to understand what risks your business faces, and how to resolve them. This then leads to where to allocate budgets for the best results. Performing an RA usually offers great ROI; when performed by a competent professional, the additional benefits and the streamlining of resources usually more than cover the entire cost of the exercise.

Once done, it is possible to understand what the worst security impacts are, and their likelihood. Is it a ransomware attack locking all systems and disrupting business (very common at the moment but comparatively easy to plan for), or is it a key third-party supplier being breached, resulting in lost access to critical company/customer data or services (not as common, but it could have a huge impact and is harder to plan for)? Again, this is where having the assistance of an expert professional is vital, to derive the greatest ROI and cover all risks. Using their industry knowledge and experience, they can put the likelihood of the risks into perspective and show how to mitigate them effectively.

Until you have performed an RA and have an RR, in my opinion, you can never truly plan for the worst, as you don't know what it realistically could be.

To discuss performing a Risk Assessment or how to start planning, get in touch.


About The Author

Lee Gilbank is one of the founders of Yorcybersec. When he’s not working with his clients, he geeks out on jigsaw puzzles, cycling, and playing video games with his children.