Being prepared, we have a saying at H&D Technologies, It's not if it's when if they want to get to you they will. So what you do is you prepare for that eventuality of when they get in, what are you going to do from there forward. And, I guess the biggest thing is understanding I'm not selling with fear here. Oh, they're going to get in. They're going to get you. It's so terrible. Which, it is terrible, but when you prepare for the when it's a lot less terrible people, it's so much better. When you have a plan, the event happens. You have a plan. You have your cyber insurance to pay for the remediation. And yes, it's stressful, but it's a lot less stressful than not being prepared and not having money to pay.
Backups
The biggest thing hands down, the biggest thing and the most important thing is having good backups, having what are called immutable backups. I know you're like, great Tom, another tech giving all these words off, but immutability is very simply the inability to change the backups.
They cannot be encrypted. They cannot be deleted because that's the first number one thing an attacker does when they get into your system.
First item, be prepared. Have good immutable backups.
Knowledge
Executives don't learn about cyber preparedness and what cyber even is. That is a total mistake. Just like you wouldn't not look at your P&L and your balance sheet, you must be looking at your key performance indicators for your technology department. Remember, no technology, no profit and loss, and no balance sheet because you can't run those things when your systems are all encrypted.
So you've got to remember to watch the reports that your technology people give you. If they're not giving you reports, you need to demand them. That's what I talk about by being involved and being an understanding. What's going on is knowing that you have to have what we call. The second thing is trust, yet verify. You always trust your tech people. You have to, otherwise you wouldn't be working with them. But you need to know that they're doing their job. You cannot take for granted that they are. And even if they have the best and best of intentions to do their job, you don't know that they are unless they're showing you the reports. And when someone, a layman, looks at reports and asks questions many times, it makes the tech think in a different way about being prepared.
Cyber Insurance
If you've watched my videos before you know I harp on this when you have cyber insurance, and when the event happens, you know, “I'm not going to have to worry about paying a large amount of money, a quarter million to a half a million dollars.” And that's without them getting to your backups and without you having to pay a ransom. You still are going to be spending a couple hundred thousand to $500,000 in what we call incident response or remediation, actually getting the people out of the system, figuring out how they got in all of that, and maybe repairing some stuff that they had damaged.
So when you know that you're prepared because you know you have your backups and you know that you have money to pay for the remediation with your cyber, you are so much more prepared for that when event happening.
Again, this is Tom Hermstad with H&D Technologies. We're in Seal Beach, California. We are a Cyber Response Firm. We help people prepare for the when. I hope you have a great 2025. And please do what I say because it's going to help you out.
![Prevention is NOT Preparation [PART 3]](https://www.hdtech.com/wp-content/plugins/special-recent-posts/cache/srpthumb-p9202-56x62-no.jpg)
![The Anatomy of a Cyber Attack, an Act of War [PART 2]](https://www.hdtech.com/wp-content/plugins/special-recent-posts/cache/srpthumb-p9201-56x62-no.jpg)