By Bruce Keeble
As cyber threats continue to grow in scale and sophistication, it’s no longer enough to focus solely on prevention. Recovery readiness is just as critical.
- Test your resilience: Cybersecurity isn’t just about keeping threats out - it’s about how well you recover when they get in. Regularly test your systems and teams under pressure, which is the real litmus test of preparedness.
- Understand your risk landscape: Keeping your organisation safe isn’t just a technical matter; it’s also about how your systems and people connect. Take a broad view of your supply chain and internal processes to identify weak spots before attackers do – whether that’s in your people structure, technology, processes, or culture.
- Resilience is a team effort: Cyber recovery isn’t the job of one person or department. Everyone, from the boardroom to the shop floor, needs to understand their role and the response plan, and be prepared to take action.
- Plan, Plan, Plan: Have a plan, practise the plan, and put the plan into action when an incident arrives. So many businesses do not know how to recover from an outage, and worse still, their leadership team does not know how long restoring from a backup can take in real time if none of the infrastructure works and it all needs replacing from scratch.
- Prepare for the public response: When the worst happens, it is essential to know who to call and what to say, and to understand your regulatory requirements. Knowing your external counsel and your cyber insurer, and having a call tree, particularly as you head into weekends or national holidays, means you are at least primed to respond quickly if there is an unknown information security incident bubbling away.
- The 3-2-1 backup rule: This isn’t a countdown; it is fundamental to getting your business back up and running. It is recommended to have three full backups of your data, two on different media or cloud, and one backup stored offsite, separately, and securely. As ever, test your backups and assess how long it would take to restore full operations.
- Training and the human factor: Human error can often be the weakest link. Run regular training and simulations to help staff spot phishing attempts, fake messages, and other social engineering tactics.
- Security at home: With hybrid work here to stay, home networks matter. Encourage staff to update router passwords, secure mobile accounts, and treat personal devices with the same care as work ones.
- Threat intelligence: Stay informed of emerging threats with Cyber Threat Intelligence (CTI) as part of your defence. Whether that support is in-house or outsourced, this is a great way to understand threats, and it acts as an alarm if employee credentials are leaked to criminal forums, or when a common vulnerability affecting a specific server surfaces or a phishing campaign commences.
- Don’t overlook your supply chain: Supply chains continue to be a vulnerability, and your business may not be the direct target. The route in may be a hop, skip and a jump through another firm: rogue devices attempting to connect to your network through café Wi-Fi, a website designer who left a backdoor and gateway to an unprotected customer database, or simply poor physical security practices. Make sure you vet third-party vendors carefully so that their security practices don’t become your problem.