Brexit: six key steps to being cyber-ready

Oct 17, 2019

No matter the timing or the deal regarding Brexit, there is a risk of serious disruption around the exit date. Pat Moran recommends six steps to ensuring your organisation is cyber-ready.

As we all know, the United Kingdom (UK) is set to leave the European Union (EU). Regardless of the kind of deal struck, there may be heightened risk of disruption around Brexit day.

Periods of uncertainty can give malicious actors increased opportunities to take advantage of the disruption. In the run up to the Brexit deadline, businesses should consider implementing additional measures to help protect against potential digital disruption and cybersecurity issues.

Below are several ways Irish businesses can prepare for any disruptions that may come their way.

Identify key threats

Assess which threats are likely to be heightened during the Brexit period. This could be insider threats, distributed denial-of-service (DDOS) attack, or malware injection. Take the appropriate actions based on the key risks identified.

Increase awareness

Send communications to staff to apply vigilance during this period and remind them of their end-user security obligations and training. Also consider sending timely security awareness notifications to your customers.

Report to the Board

As part of Brexit reporting to senior management, Irish businesses should consider adding cyber security to the agenda, outlining the measures being taken and establishing a protocol to notify them in the event of an incident.

Key personnel availability

Irish businesses should identify key personnel and their availability during the period, including third parties. Remember that should a deal be agreed, Brexit will occur during half-term – a common annual-leave week.

Third parties

Consider what protective measures third parties are taking during the period. Businesses should outline what reporting is required from third parties to ensure that key risks are being managed and events will be reported.

Increase monitoring

Security teams should consider whether the right monitoring is in place to identify security events during the period. An increased risk profile may drive more activities on the network, so be sure that the right level of monitoring is in place.

Regardless of the timing or the deal struck, minimising the risk of disruption to your business should be a top priority.

Pat Moran is a Partner and leads the Cyber Security and IT Forensics team in PwC.