Cyber incidents can potentially strike anyone. This is why it is important to practice on a regular basis. Be well prepared with these 5 tips on how to act during a cyber incident, by Crisis Expert Jori Kalkman (Netherlands Defence Academy). He analysed hundreds of different ways to handle crisis response, to find out how operational crisis teams dealt with dilemmas.
1. Act first, don’t wait
“Keep in mind, having information is a luxury during a crisis. Professionals often like to gather as much information as possible to get the most complete picture. But in doing so, you could be wasting a lot of time. In the end, a crisis is precarious and unpredictable by nature. By the time you think you have the full picture, that information might already be out of date. So you should decide and act fast based on information that may later prove to be incomplete.”
2. Be experimental and don’t be afraid to let go of plans and protocols
“If you can manage a crisis exercise according to plan, you have not had a proper exercise. That is why you should purposely use an exercise for experimentation. Also, don’t be afraid to let go of protocols and plans here and there, if you feel the situation calls for it. After all, that is what people will do in actual crisis situations.”
3. Have a discussion on what is acceptable
“Experimentation and letting go of plans can generate interesting discussions. Particularly for administrators. Which is why we have to consider what level of violation we find acceptable. How much liberty can and do we want to allow our employees? How do we act if, in a crisis, standards and values that we consider to be important are compromised? Governments like to work in adherence to plans and protocols. This allows them to account for decisions made. But in a crisis, those exact plans and protocols will not suffice.”
4. Administrator, stick to administrative decisions
“Stick to administrative decisions: set goals, but leave the how and the execution to others. A certain degree of autonomy and confidence in the people doing the work is hugely important. For instance, a mayor may be the one to call for evacuation during a flooding, but should not get involved in how that evacuation is carried out. That is not his job.”
5. Administrator, look at a crisis as symptomatic
“Administrator, ask yourself: when is a crisis over? In the event of an area flooding, you can rescue people, drain the area and go back to business as usual. But at the next rainstorm, the area will flood once again. The same is true for a cyber crisis (exercise). A cyber crisis should be looked at as a symptom; a warning sign that there might be something structurally wrong in your organisation, a weakness in your systems. People feel relieved when a crisis situation is resolved. But in truth, that’s when the real work begins.”