Is your cybersecurity strategy capable of protecting your organization’s assets from cyber threats? If you haven’t performed any tests to confirm or deny that question, consider a staggering statistic from a cybersecurity report published by the economic consultancy ESI ThoughtLab. In their 2018 survey of several hundred individuals at organizations in 17 countries, the average loss for the surveyed organizations was close to $5 million. As the technical expert on the cybersecurity team, your manager and the decision-makers in the organization will look to you to ensure that the organization doesn’t contribute to that statistic.
You can determine the effectiveness of your organization’s cybersecurity strategy by running real-life test scenarios against your security solutions, your response and recovery procedures, and employee awareness. If you determine that improvements are needed, strengthening your cybersecurity plan should be as comprehensive as your financial resources and schedule allow. If you need to make improvements quickly, such as to meet compliance or decision-maker requirements, focus first on the areas that are most vulnerable to a cyberattack.
The following are five ways you can make improvements to your cybersecurity strategy and address key concerns:
1: Apply Basic Cybersecurity Hygiene
2: Fortify Endpoint Protection
3: Implement Remote Access Management Policy and Procedures
4: Enhance Your Skills and Knowledge
5: Increase Employee Awareness
1: Apply Basic Cybersecurity Hygiene
One of the best actions you can make immediately is to confirm that your organization’s cybersecurity plan addresses the basics of protection:
- Backing up your organization’s data may seem like common knowledge, but it’s a task that companies often overlook. Having a backup is one of the best defenses against a ransomware attack, provided you have stored the backup on a separate system that the attack cannot reach.
- Automating updates and other routine tasks goes hand in hand with backups. Automation minimizes the human intervention that has the potential for error. Consider the 2017 WannaCry ransomware attack that infiltrated computer systems running the Microsoft Windows operating system. Once executed, the network worm encrypted the data on the computer and presented a message demanding a ransom. Microsoft was aware of the issue and had already released an update that addressed it, so the attack could have been avoided on the affected systems if the update had been applied.
- Implementing a second authentication factor in addition to passwords will lessen the security issues that stem from employee errors and adds a further layer of protection for your computer systems. According to a report by the Ponemon Institute, weak employee passwords were the source of an attack for 40% of respondents, at an average cost of close to half a billion dollars.
- Using tools to monitor for and detect cyber threats will enable you to quickly review and, if necessary, respond to any suspicious issues. There are plenty of these tools available on the market. It’s a good idea to evaluate your organization’s needs before making an investment in a tool.
2: Fortify Endpoint Protection
An extension of basic cybersecurity hygiene is endpoint protection. According to the 2018-2019 State of Data Security and Privacy published by Forrester Research, endpoints account for 70% of data breaches. Endpoint protection refers to the methods by which you manage security on the systems that are connected to your organization’s network. Anti-virus software and firewalls (network-based and host-based) are basic methods of protection that are adequate in traditional office settings with only desktop systems. If employees can use personal devices such as laptops and mobile phones to connect to the network (inside or outside the organization), you should consider implementing additional protection measures.
The following are three types of advanced endpoint protection tools for you to consider:
- Next-Generation Antivirus (NGAV) solutions, which detect threats based on behavior and events rather than on signature files stored on the endpoint (traditional virus signature definitions).
- Endpoint Detection and Response (EDR) tools, which are designed to monitor endpoints for suspicious activity and, when necessary, automate an action to secure the system.
- Cyber threat intelligence, which is the result of a multi-step process of collecting, processing, and analyzing raw security data.
3: Implement Remote Access Management Policy and Procedures
Before endpoints in your organization move to locations outside the corporate office, make sure you put a remote access policy and procedures in place. This information, typically provided in document form, is essentially a detailed training and reference guide about your expectations of employees when they work in remote locations. The document should also state the consequences of not following the documented instructions.
Even with remote access management policy and procedures in place, mistakes are still possible (and likely). The following are two important additional steps you can take to enhance remote security:
- Implement multifactor authentication (MFA) to add a second method of authenticating a user for VPN access. According to a blog post by LastPass, a provider of login management systems, passwords account for a large percentage of data breaches.
- Build and implement a whitelist that includes all the approved applications and contact email addresses that employees can access. Update the list as you deem necessary.
4: Enhance Your Skills and Knowledge
Once you have all the technical aspects of your cybersecurity in place, consider opportunities to advance your knowledge and skills. As an IT cybersecurity professional, you probably know that your technical skills must continue to evolve to combat the latest cyberattacks. What are those technical skills? According to Infosec, a provider of training for IT professionals, the following eight skills are considered the basics for cybersecurity professionals:
- Intrusion detection
- Software reverse engineering
- Analytical skills
- Risk mitigation
- Cloud security
- Incident response
- Encryption technologies
- Penetration testing
Cybersecurity is an important topic for all organizations, so there are numerous courses available online and in person. Many of these courses are fee-based; however, the SANS Institute offers free online cybersecurity courses. You can also gain knowledge by staying informed: joining and participating in online security-related communities and subscribing to security news is a good idea.
5: Increase Employee Awareness
Security training is not just for you and the other individuals in the IT department. All employees in the organization should know their responsibility regarding security and understand the potential consequences if they are careless. Unfortunately, there are many examples of an employee’s negligence resulting in a costly security breach. A recent example is the cyberattack on Grays Harbor Community Hospital. In that incident, an employee clicked a malicious link that delivered ransomware, which then spread to computer systems throughout several of the organization’s medical facilities. In addition to the cost of the IT department tackling the damage, the organization’s systems were down for an extended period of time, which meant lost revenue.
As an IT professional, your manager may task you with creating and implementing an employee cybersecurity training program.
Here are the steps to help you create a training program:
- Determine who needs the training. At a minimum, security training should include everyone who uses a computer system or device to connect to the corporate network.
- Define the scope of the program. Phishing emails, password policies, and personal device protection are the basic topics to cover with employees. You should also consider the types of security attacks that are common for your organization’s industry.
- Outline the structure of the training. Developing a program that includes both instructional information and practical exercises is a good idea. Cloud-based email management company Mimecast creates entertaining and focused training for its employees.
- Establish a timeline for the training. In the beginning, you’ll start with existing employees. You should then work with the Human Resources department to add training to the onboarding process for new employees.
- Update the training. The tactics of cybercriminals continue to advance, and so should your training program. Keep an eye out for any security news items that you can alert employees to immediately via email and later add to the training. Also, as you learn more about issues that are specific to your employees, you should add these to the training program.
Getting Started with Your Plan
The tips above are a good start to making sure that you address the basics of cybersecurity. Note that improving your organization’s cybersecurity strategy will be an ongoing task. Cyber threats will continue to advance, so you must make sure your strategy advances with them. It’s likely that you won’t be able to prevent every potential attack that pops up, but at the very minimum you will be prepared to respond to them and avert any significant damage.
At BACS, our goal is to partner with our customers to develop a cybersecurity infrastructure that is built on a solid foundation according to the organization’s specific needs. Our team of cybersecurity experts helps organizations make the “right” decisions to build an IT security framework that encompasses the full spectrum of an effective cybersecurity strategy: planning, developing, implementing, reviewing, and revising.