Pro Drive IT recently ran a roundtable exercise titled “How to avoid cyber annihilation of your firm”, which as the name suggest was designed to educate the attendees on the cyber security risks to their business and to give them some practical advice and tips on how to respond if (when!) an incident occurs – in short to increase their Cyber Resilience. 
The term Cyber Resilience refers to the ability of a company to bounce back from a cyber attack. The risk of a cyber attack is so great these days that whilst you need to put in place all the defences you can that are appropriate for your company, you also need to prepare for the worst to minimise the impact of a cyber attack when it occurs. You need a well designed, well tested plan to swing into action in as short a time as possible in order to save your business. It absolutely could be the difference between your organisation failing or surviving as a result of a cyber attack.
The event
The event was hosted by Bruce Penson (Managing Director) and Matt Taylor (Technical Director), each of whom have 20+ years’ experience in Information Technology and Cyber Security. The venue was the beautiful new Hilton hotel in Woking. Attendees were senior staff in local legal, accounting and professional services firms wanting to more about how best they could protect their businesses from cyber attacks.
Part 1 – Education
The first session in the morning focused on educating the attendees about why their company and staff might be a target, who is behind these types of attacks, and stepping through what really happens to systems and staff during a cyber security incident (this last part definitely opened a few eyes to the realities of a cyber security incident!)
Part 2 – Practical steps
After a short coffee break with a chance for some networking, the second session consisted of a more practical exercise. The basic principles of incident response were presented using an industry standard framework before the attendees were organised into smaller working groups.
A scenario was outlined where their businesses had been attacked and a ransomware note delivered – but at this early stage very few details were known. Working in their small groups they had to determine the best course of action to take as the scenario unfolded which they then presented back to the wider group at the end of each phase.
The energy in the room during this second session was amazing to see – everyone was instantly engaged in the activity and coming up with some great suggestions for what to do next, and even second guessing the next twist and turn in the scenario would be.
Wrapping up
The wrap up for the event was an overview of the next steps for attendees to take to protect their businesses, and a chance for everyone to state what key learnings they would take away from the event and what one thing they would do in their business on return to the office.
Do you need to improve your cyber resilience?
Pro Drive IT are available to assist legal, accounting and financial services companies with all of their cyber security, IT strategy and IT support requirements, including the Cyber Essentials and Cyber Assurance schemes which are the backbone of a government approved approach to Cyber Resilience.
If you have concerns about the ability of your firm to continue to operate in the event of a cyber attack, consider registering for our next workshop on our events page or call us on 0330 124 3599.
Background information on Cyber Resilience, IASME, Cyber Essentials and Cyber Assurance:
“Cyber Resilience” is a key part of the defence against cyber attacks and this is recognised by the UK government. In the UK the Cyber Essentials and Cyber Assurance schemes are officially administered by the Information Assurance for Small and Medium Enterprises (IASME) consortium. They are the official delivery partner of the National Cyber Security Centre (NCSC), which in turn is part of the Government Communications Headquarters (GCHQ).
The NCSC is the UK’s technical authority for cyber security, working to make the UK the safest place to live and work online. GCHQ is one of the three UK intelligence and security agencies, along with MI5 and the Secret Intelligence Service (MI6). More information on IASME can be found here: IASME Home – IASME – Home and on NCSC here: Overview – NCSC.GOV.UK
