As we begin a new year, we start to evaluate many aspects of our lives. We examine our careers, relationships and health. We plan for the future in terms of financial security and retirement. Although we are not the ones to coach you through those life choices, we can help you strengthen and define your cybersecurity.
Asking a series of questions helps bring focus to areas where your cybersecurity practices and implementation may need attention. Rather than simply laying out your current environment, answering questions can prompt you to think about areas that you had not considered in the past.
- What threats do you face?
  - Intrusion, data loss, credential theft, insider threats and attacks. The answer is all of these. But defining these risks can help you understand the next steps you need to take to improve your cybersecurity posture.
- What security defenses do you currently have in place?
  - Firewalls, anti-virus, threat detection and prevention, and network segmentation are all security technologies to consider.
- How are you securing your data?
  - First, identify the data that needs to be protected. Make sure backups are performed and tested on a regular basis. Address the security of this data at rest and in transit. Control access to sensitive data.
- Do you have a disaster recovery, business continuity, and incident response plan?
  - Knowing and identifying the factors that contribute to business interruptions can help you plan how to recover from an incident. Review and update the plan regularly. Having a documented plan can help reduce costs and recovery time.
- Are you training your employees on how to recognize, handle and report cybersecurity threats?
  - An ongoing cybersecurity awareness program will reduce your vulnerability to phishing and other social engineering attacks. Your program should also include policy reviews and compliance. Don’t neglect your IT staff. Make sure they get the training they need to help protect your organization.
- Are your hardware and software up to date?
  - Ensure that you are not using any legacy products and that you are applying the latest patches and firmware.
- What is your budget for cybersecurity?
  - Having a defined budget can help you fill the holes that you may see in your institution. You may need to hire more employees, purchase a service or product, or address specific training needs.
- Do you have cyber insurance?
  - Do you need it? What does it cover? How can it help? It’s worth looking into whether this might be a valuable tool in your arsenal.
- How do you stay current on the cyber threat landscape?
  - Are you aware of the latest threats and risks? This could be anything from the latest malware or phishing to a software or hardware vulnerability. Make a plan to research and read, subscribe to cyber publications, and attend conferences and community security groups.
- How do you handle cyber risks posed by vendors and other third parties?
  - Do you have strategies in place to limit their exposure to areas other than those they need access to?
This is by no means a comprehensive list of the questions you should consider when reviewing your cybersecurity posture, but it is a place to start. By asking these baseline questions, you should be able to assess and improve cybersecurity in your organization.