Cybersecurity seems to be a buzzword these days, doesn’t it? Does it give you vibes of someone overseas in an oversized black hoodie typing away in a command prompt window? If it does… Well, I’d like to let you know that it (more than likely) is not that person.
Although the headlines about the overseas hacker certainly paint a more believable picture and make a company feel better, cybersecurity includes every facet of IT security in your organization. It includes auditing the user accounts on your network to make sure that no former employees still have access to your internal documentation and folders. It also includes auditing the accounts that have administrative access to your network, because a compromised administrative account is a whole lot worse than a compromised standard user with no permissions.
Luckily, there are steps that your organization can take today to improve its cybersecurity stance. It all starts with documenting your company: what will you lose in the event of a disaster/breach, who would be looking to gain from said disaster/breach, and lastly, who are your customers and what is your business providing? You will then want to create the processes and documentation in your organization that capture these answers. The processes are the important part. Have you ever scrambled trying to “wing” something in your business? Winging it does not work. What does work is having a clear, thoughtfully designed process in place should something go wrong.
So what encompasses a “good” cybersecurity strategy?
Lay the Foundation
Survey your Environment and Classify
This means you need to have a good understanding of all of your company assets. It’s true: we cannot protect everything 100%, but it’s important that we understand what needs the most protection. What is most important and critical to your applications? Start by reviewing your processes and try to gain an understanding of how your revenue is generated. What sources is it coming from? What systems have the ability to absolutely grind that to a halt, and how much money will you lose if those systems are offline? Which of those systems hold confidential or highly confidential information? These are important questions to ask. Classify all of the data and assets (applications, devices, servers, users) that are critical to the functioning of your business and place them in a list from most important to least important. Once you have identified these, let us move on to the next step.
What regulations and compliance frameworks is your organization bound to?
This is very important. Compliance and security are two different fields; however, noncompliance is extremely damaging to your business, and you risk hefty fines or worse. It is important to design your cybersecurity plan with compliance in mind.
Map your Threat Landscape
Now that we know WHAT we will be protecting, we need to map out the threat landscape. Let us take a look at your environment and how your business operates. Ask yourself the following questions:
- Who are your customers?
- What is the product or service you are providing?
- Who seeks to benefit by hurting your business?
- What is going on with your competitors? Have they been breached?
- If so, what type of breach was it?
These answers will help us become more familiar with the landscape in which you operate and will give us key insight into what threats you will face.
Build your Plan Based on the Framework of your Choice
OK, now we are on to the part where you are going to need your IT team to work on this for you or with you: it’s time to build your plan based on the framework you have chosen. There are a couple of them out there, such as NIST, ISO, and CIS. Your plan is going to be built using the cybersecurity standards from these frameworks, while also taking into account your unique threat landscape and business environment.
If you would like to discuss a strategy and how we can align your IT to your cybersecurity strategy, schedule a 15-minute call with us here: https://cloudchariot.tech/bookings