All mission-critical systems should have a backup (even cloud systems can be affected!) – regularly restore backups to test them for emergencies. Consult security or forensic experts so they can provide support in critical situations. Train "digital first responders" to ensure that the correct immediate measures are taken.
The most important question during an IT emergency is often: How long does the IT have to remain "off"? This is understandable, as today many parts of the value chain depend on functioning IT. Preparation for an IT emergency should therefore aim to keep downtime as short as possible.
Further Links
- German Chamber of Commerce and Industry Munich: IT emergency plan
- German Chamber of Commerce and Industry NRW: Incident Response Guide (only available in German)
- German Federal Office for Information Security: User behavior in IT emergencies
- Checklist of the Alliance for Cyber Security
- German Federal Office for Information Security: Further information on incident management
- German Federal Office for Information Security: Document templates for emergency management
- German Federal Office for Information Security: Digital rescue chain of the Cyber Security Network
The first steps are often crucial: the decision whether to disconnect a computer from the network or turn it off, for instance, can have significant consequences for the duration of investigation and repair. It is therefore important to involve experts as quickly as possible. To achieve this, it is helpful to train "digital first responders," similar to medical first responders. An "emergency card" listing the correct initial steps, placed at each IT workplace, can also be very useful.
If backups are unavailable, it may take several weeks before systems can be restored to a functional state. Consequently, it is very beneficial to regularly back up important systems and test the restoration process to be prepared for emergencies. For cloud applications, the cloud service provider takes care of this – one more reason to switch to cloud-based solutions.
After a hacker attack, communication via standard communication tools (email, landline, company chat) is often impossible, as these systems need to be cleaned first. An alternative communication option, such as mobile phones and SMS (while storing the contact details of customers and partners), can save a significant amount of time.
The Two Top Tips
- Verify whether backups exist for all systems and attempt to restore them as a test.
- Create an IT emergency card with expert contacts and introduce digital first responders.
Contact Person
Dr. Katrin Sobania
Director Department for Information and Communication Technology | E-Government | Postal Services | IT Security