Cybersecurity: Actionable steps to protecting your data
本·亨特
We discussed the importance of creating a culture of cybersecurity in your company in a previous article, “网络安全:你为什么要关心?“现在, what steps should you take after you have leadership on board with upping your security measures?
Using a top-down approach to implement new cybersecurity standards, here are actionable steps and considerations you should be taking when evaluating your approach:
1. Start developing a plan to prepare, prevent, and respond to cybersecurity threats. 重点关注预防. You should have a thorough incident response plan, but prevention should be your first line of defense.
2. Utilize Multifactor Authentication (MFA) across all company platforms. MFA significantly reduces ransomware attacks.
3. 维护适当的离线备份. Consistently test and validate your 备份 to ensure they will work when you need them to.
4. Determine the decision-making process for dealing with ransomware. You need to know who in the firm has decision-making authority to pay the ransom or pull the plug on a device when a situation arises. Consider when you will call the FBI to aid in the decision-making process.
5. Educate marketing and PR departments on how to communicate situations or threats. It is important that they are trained ahead of time in the event that a serious situation arises.
6. Create a training plan for new and existing employees. Cybersecurity procedures should be enforced as soon as new employees are given access to any company networks. Spend adequate time training them on what to look out for and who to alert of any issues. They should be trained on using MFA and other systems such as a password manager.
7. Develop a procedure for exiting employees. Be diligent in removing any and all access to company networks and data.
8. Consider investing in some (or more) cyber insurance. The cost of cyber insurance has been going up, but so have the potential damages when an incident does occur. It is important to determine how much coverage you need, 要求是什么?, and what is included or excluded in the policy. Cyber insurance policies have lengthy requirements now, 例如MFA, 备份, 业务连续性计划, 和更多的. As a business, these are measures you should be taking anyway. Looking into an insurance application can help get you in check. Some insurance companies will provide a report card for your business to let you know how you are doing. Your policy may even include a cyber coach that you can engage with at no extra charge.
One thing to note: Your claim could be denied, and your coverage canceled if a cyber-attack happens because of something you misrepresented in your application. If a policy requires MFA and you only use MFA in one area of your business, find out what qualifies.
9. Hire a cyber lawyer to guide you through notifying key parties of incidents.
10. Decide if a Chief Information Security Officer (CISO) is right for your company. A CISO can set the strategic management of cybersecurity risks and incidents but is typically found in larger companies with higher budgets. 如果你是一家小十大赌博靠谱信誉的平台, you may want to consider contracting out a virtual CISO (vCISO) to help. A risk assessment can be used to make the determination.
Cybersecurity is not a business problem, but a business risk. These actionable steps and considerations will help you and your organization to manage the business risk of cybersecurity.
本·亨特,三岁 CISO, 咨询服务 Principal, CPA/CITP, CISA, CRISC, CDPSE, CISM
Ben is the Chief Information Security Officer for BRC and is a Principal in our Firm’s Risk 咨询服务 Practice. He specializes in Cybersecurity and Information Technology Audits and Assessments. Ben began his cybersecurity career in the US Marine Corps. After becoming a Certified Public Accountant, he continued his cybersecurity and IT Audit training […]
The information contained in this article is for informative purposes only and should not be relied on when making any business, 法律, 或者其他决定. This information may be updated without notice and/or may not contain the most current information that is available related to this topic. Please consult with your advisor to determine how this information applies to your specific facts and circumstances.