AnimationWatch this short animation made by DTC about identifying vulnerabilities. The video comes with English subtitles. You can download the media files here:
Identify where your business is vulnerable to cyber threats
An important point of action is to identify your assets and the vulnerabilities within your company. Also map out the technical dependence on (IT) suppliers. Doing an inventory like this forces you to think about what to do in the event of a cyber incident. And it helps to draw up an emergency plan (in Dutch) and a telephone list (pdf, in Dutch). To identify how vulnerable you are to an attack, the following questions can help:
- Availability - how bad is it that a system stops working?
- Integrity - how bad is it that certain data is incorrect?
- Confidentiality - how bad is it that data leaks out?
You determine how great the chance is that a threat will occur and what its impact would be. This gives you an idea of the risks your company runs. Use the Step-by-step plan to do a risk analysis (in Dutch).
Why this basic principle?
Understanding the risks makes it easier to increase resilience against cyber threats. Clear insight into your risks means that you can make a well-considered choice: what measures do you invest in and which risks do you accept. Should a cyber incident ever take place, the inventory prevents you from overlooking something and makes it easier to distinguish between main and side issues.
What should you do?
- Make an inventory of the IT components (in Dutch) and make a risk analysis (in Dutch).
- Update this inventory every 6 months. Schedule this activity in your calendar.
- Discuss the importance and content of the inventory with colleagues, employees, suppliers, and/or customers. Discuss everyone's responsibilities, record agreements with your IT supplier (in Dutch), and ensure that they are complied with. The weakest link determines the strength of the chain.
- Draw up a fallback and recovery plan (in Dutch) for what to do in case you are affected by a cyber incident that prevents you from 'normal' use of your networks, equipment, software, communication systems, and data. Test this plan at least once to make sure it really works.
- If you no longer have access to your systems, you want to be able to fall back on data still available to you. Keep contact details of key employees and suppliers and contract information in an accessible place so that you can act quickly in the event of an incident.
- Is your company dealing with a cyber incident? Then view the information and tips (in Dutch) on the website of the Digital Trust Center and read what you can do to solve the problems.
- Are you an entrepreneur in the manufacturing industry? Then do the Cyber Security Scan Smart Industry (in Dutch). With this scan you gain insight into cyber security and receive advice and tips to protect yourself against cyber threats. The scan was developed by the Ministry of Economic Affairs and Climate (EZK) in collaboration with Smart Industry, TNO (Netherlands Organisation for Applied Scientific Research), and the Netherlands Enterprise Agency (RVO).
- Schedule backups. You use a backup to restore data if it is damaged, for example due to a system error, incorrect storage, or a virus. Or if the device on which the data is located gets broken, lost, or infected with a virus. But also if you have changed or added important files. Disconnect backups from your network, store them in a safe place, and encrypt the files if necessary for extra protection. Date the backups to reduce the chances of restoring an infected backup and practice restoring data from a backup (in Dutch).
Read more about the 5 basic principles of running a secure digital business.