It's a brand new year. Where are you heading next on your cybersecurity journey 🌄? If you spend some time creating a cybersecurity road map (aka making a plan), you'll be prepared with a cybersecurity plan that feels like an epic adventure.
At its most basic, cybersecurity starts with asking yourself and your security team two things – what do we have, and how do we protect it? Here are a few more detailed questions, with answers to guide you as you chart a course and make a cybersecurity risk management plan for the year.
1. What's valuable that needs protection?
Develop an asset management program. This includes taking an inventory of all your hardware, software, data, and network assets. Critical data and assets can include critical infrastructure, research data, business strategies, intellectual property, patient data, trade secrets, and more. Determine who is responsible for protecting each asset, and rank the assets in order of highest value to the company (what is most necessary to continue operations).
2. How should we secure what’s valuable?
Protect your critical assets and data. If these are compromised, you could face serious risks to your reputation, business continuity, and profitability. Once you have listed your assets and determined which have the highest value to the company, you have a ready-made priority list. Put your most advanced security measures on your highest-value critical assets and data.
3. How do we maximize our antivirus software?
Install and configure antivirus software properly. Layer host-based (individual workstation) antivirus with network antivirus solutions, and review all the security settings in the application. Even the best systems will not protect your company properly if the security settings are not turned on correctly. If you need outside help, hire a third party.
4. What email basics do we need?
Email compromise is one of the top sources of breaches and security incidents. Email incidents can also be one of the most costly gaps in network security. Install spam filtering and virus protection, and make sure these are active and set properly on every network device. Improperly configured spam filtering and virus detection are an open door for phishing schemes or malware attacks, which could lead to financial loss, reputation damage, stolen data, DoS attacks, and more.
5. How do we avoid current and new risks?
Install software updates and patches right away. Staying up to date with the latest and most secure versions is what your software subscription fees pay for. Be sure a security team member is assigned to install updates as soon as they are released. Better yet, configure automatic updates where available.
6. What if the worst happens (a cybersecurity breach)?
If a data breach or loss occurs, it’s important to be prepared. Establish a backup and data loss recovery process during times of normal operation, before a breach, so that an emergency plan is in place when you need it.
7. What else are we missing?
Identify and close network visibility gaps. Set up processes to monitor stored data, devices, applications, source/destination URLs, and logins to your network. This way, it’s easier to spot abnormal behavior and identify potential threats.
8. How do we limit eyes on our stuff?
Implement strict user access control policies. Make it very difficult for unauthorized users to gain access to your system. Implement MFA (Multi-Factor Authentication) or 2FA (Two-Factor Authentication). Use network settings and group policies to grant access only to those users who need sensitive information and programs.
9. How do we manage risk as we grow?
Establish a vulnerability management program. This should be a continuous process to evaluate and re-evaluate the risks the company is taking. A professional program will use both offensive and defensive security to monitor and mitigate vulnerabilities.
10. Can outside actors break into our network?
The short answer is yes. No system is completely impenetrable. But how easily? There is one way to find out – conduct quarterly penetration testing, or hire outside help. Penetration tests by ethical hackers can be an extremely valuable source of information: they find attack points before a malicious actor does, so you can secure those areas.
Once you have established a plan using these questions, you’re well on your way. Start taking action, one step at a time. This epic cybersecurity adventure is never over, since new threats arise and new challenges are always ready for us to solve. But once you start with a cybersecurity plan, keep moving down the list as you have the capacity and funding. You can do this! If you need more help, we are here and ready to talk more. Follow us online for more resources and ways to make a cybersecurity plan.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.