We have labeled today’s business security challenges a “cybersiege in the digital realm” because, for business leaders, the well-documented onslaught of cybercrime can certainly feel like one. To cope with ever-multiplying security risks, we advocate applying the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST).
We also recommend seeking out advice from managed IT services experts, such as TeamLogic IT, including this digest of basic cybersecurity tactics:
- Provision Specifically for Monitoring and Maintenance—To ensure that security safeguards remain fully funded and current, make detecting threats and attacks a specific part of your annual IT budget—or a standalone item in your corporate security budget. It’s a prudent investment that can easily pay for itself.
- Incorporate NIST’s Six Steps to a Security Risk Assessment
- Identify the systems
- Identify and document internal and external threats
- Determine risk and impact
- Analyze controls
- Determine the likelihood of the risk
- Identify and prioritize risk response
- Establish Specific Cybersecurity Policies—Make sure to include storing passwords, connecting to Wi-Fi networks and granting app permissions. Also ensure that employees know the dangers of connecting unknown USB drives and clicking on links in emails, even when the sender appears to be a known contact. Four foundational policy areas that can apply to most businesses are:
- Acceptable Use Policy
- Data Breach Response Policy
- Disaster Recovery Policy
- Password Protection Policy
- Launch and Sustain a Core Campaign—An effective monitoring and maintenance effort will include:
- Application whitelisting to help deflect malicious software and unapproved programs
- Regular patching for operating systems, browsers and applications (e.g., Flash, Microsoft Office, Java and PDF viewers)
- Administrative privilege restrictions for operating systems and applications based on user duties
|
