TMC's Advisor

The Advisor is published by TMC

You Are Not London Drugs

With London Drugs’ troubles all over the news, it reminds us all that it’s not ‘if’ but ‘when’. Every time you come across the London Drugs name, do you flinch and think that your organization might be next? Is your IT department well prepared? Are employees cyber aware? Do you have an updated and vetted cybersecurity incident response plan? Here’s a checklist.

By Ellen Koskinen-Dodgson

Ellen Koskinen-Dodgson is an IT and Telecommunications Management Consultant, electrical engineer, author, speaker, media resource and Expert Witness. She is the President and Managing Partner of TMC IT and Telecom Consulting Inc.

First The Good News

In Splunk’s 2024 Survey State of Security Report, they summarize: the state of security in 2024 is a bit of a contradiction. Despite the obstacles in security professionals’ paths — stringent compliance requirements, escalating geopolitical tensions, and a more sophisticated threat landscape — the industry is making progress. Many organizations report that cybersecurity is becoming easier to manage compared to previous years. Organizations collaborate more and detect threats faster, and most have the authority and resources to solve the issues they face. 41% of respondents said that year over year, keeping up with cybersecurity has become easier, compared to only 17% in 2022.

Response Plan Checklist

What should be included in your incident response plan?

Everyone Plays a Part

IT, of course, plays the biggest part in keeping the organization safe.

Senior Management understands cybersecurity at a high level. IT has explained what needs to be done to mitigate risks including cybersecurity insurance.

Non-IT employees have been well trained on cybersecurity awareness. They avoid most traps, and even more important, they report a potential problem even when they’re not sure.

The more you educate your employees on security awareness, the stronger you build your first line of defence. Use this story as a case study to prove to your executives that security training should be a priority and deserves more resources and budget. Then, implement engaging interactive training on topics that are relevant to your business like social engineering, passwords, and phishing.

Because of one attack, London Drugs was out of business for over a week and still isn’t working at full capacity. Don’t let this happen to your business. Stay safe by planning ahead, using proper data storage techniques, and educating your employees. Have procedures in place to smoothly work your way through any level of incident.

If you’d like to leverage our expertise, whether you’re an existing client or not, or if you’d like to comment on this article, please email me at .

This article was published in the May 2024 edition of The TMC Advisor
- ISSN 2369-663X Volume:11 Issue:4

©2024 TMC Consulting