By now, many managers and business owners have been sold on the need for cyber security to better protect their organizations’ assets, data, and reputation. After years of high-profile hacks like those that occurred at Target and Sony, cyber security has become a mandate for companies of all sizes.
Several years ago, the term “cyber readiness” emerged as a way to describe a process of implementing security measures across an organization to continuously monitor for potential threats and suspicious activity. But given limited resources and competing priorities, companies are often unsure how they can achieve a high level of readiness without spending a significant amount on such initiatives.
The good news is that implementing a solid cyber and information security program does not have to be an expensive proposition. It is easier to put in place if it is broken into the following manageable buckets:
- IT Security – This is the starting point. Make sure all of your hardware and networking devices are updated and patched with the latest releases. Conducting a periodic scan of these devices can shed some valuable light on potential vulnerabilities.
- Data and Applications – Ensure that all of your data is stored in a secure manner and is being handled properly within your various applications. Conducting a periodic review of data storage, access controls, and handling procedures is an easy but important step for better overall protection.
- Policies and Procedures – Do you have up-to-date cyber and information security policies such as acceptable use, password management, and incident response? Making sure you have effective and practical policies and procedures that are easily enforceable is a critical step in the cyber readiness process.
- User Training and Awareness – How often do you train your employees on the latest security threats? Do you have a mechanism for sending out notices about new and emerging threats? Do you offer periodic in-house training to all staff? A large percentage of cyber incidents result from human error, so making sure you have a cyber-educated workforce is of the utmost importance.
- Testing and Validation – After all of the security measures you’ve put in place, do you know just how well you are protected? Have you ever tested your defenses by putting your systems and processes through their paces? You cannot assume you are cyber ready unless you periodically test your defenses. There are a variety of ways to do this, ranging from conducting simple tabletop war games to “pulling the plug” or performing penetration testing exercises.
By creating a cyber committee that can evaluate these areas and draft a series of practical steps that make sense for your organization, you can implement an effective cyber security program that’s similar to those in much larger organizations, but in a more agile and affordable fashion.