Narrow by location

Start From the T.O.P Down: Ways You Can Improve Your Organization’s Cybersecurity

Technology

from Carr, Riggs & Ingram

Until the last couple of years, data breaches seemed to be the domain of major corporations—Target, Home Depot, Sony, JP Morgan. However, in recent years, as businesses of every size become increasingly reliant on data and information systems, it is becoming clear that no business is too small to be a target. And yet, only 45% of middle market companies have an up-to-date cybersecurity plan. Just like the big players, small and mid-sized companies should also take steps to ensure that their data is secure, starting from the T.O.P. down.

Technology

To shore up weaknesses in technology, management can start with the simple fixes. They can ensure that the network has appropriate antivirus and firewall software, that entry into the network is password protected, that critical data is backed up regularly, and that the systems are patched when needed. Management should also insist on two-factor authentication, as well as regular reviews of files and network permissions.

Technology can not only help prevent attacks, but it can also help detect them as well. Data breach detection systems monitor and log the activity surrounding potential areas of entry. Collecting this information is important, but management should not stop there; these logs should be aggregated and combed through for unusual activity. Often, cyber breaches occur over long periods of time, so discovering activity as it occurs can shed light on the breach before the perpetrator causes too much damage.

Organization

An organization’s security policies should be both forward-thinking and adaptive, and they should cover all relevant aspects of data safety, including the following:

• internal controls
• password management
• social media
• e-mail usage
• mobile device guidelines
• incident reporting procedures
• internet usage
• remote access
• third-party access
• legal requirements

Regular security assessments (every two years at a minimum) can help the company determine how well its security policies are operating. A professional security assessor also can highlight opportunities to adjust policies and procedures as threats evolve.

To supplement the security assessment, the team should gather up-to-date intelligence on cyber threats from reputable sources so the company can stay ahead of attackers. New threats can alter the organization’s cybersecurity strategy, but so can new technology. Management should assess how a new type of technology–such as moving to a cloud-based application–can change the company’s approach.

People

Organizations with a robust cybersecurity team have the best chance to address security threats. This team must include owners who are invested in data security. Dedicated IT team members, whether full-time, part-time, or outsourced, can implement management’s plans. Hiring a chief information security officer (CISO) may not be feasible, but a professional advisor may be able to fill that role on an outsourced basis.

The organization’s employees should also be invested in the company’s data security plans. Staff members are often called the “human firewall” because they are the most effective first responders to cyber threats. In order for the human firewall to be effective, staff must be educated in cyber threats and mitigation policies, understand how to report and respond to suspicious activity, and believe in the company’s cybersecurity goals.

Third parties should also be considered part of the cybersecurity team because of their access to sensitive information. A third-party risk management (TPRM) process may be something for the organization to consider. These processes are formalized mechanisms to guard against attacks that originate in the company’s supply chain. These systems can vet third parties for reliability, integrity, and loyalty; manage the ongoing relationships, and monitor the third parties’ information systems usage.

Ready to begin?

If you start at the T.O.P., you will be well on your way to improving your organization’s information security program. Download our white paper to learn more about how to strengthen your cybersecurity posture. To get started on a cybersecurity risk assessment, or for additional guidance, contact your CRI cybersecurity specialist.

Artificial Intelligence in Construction Equipment

By Gari Nickson, Construction Executive How is artificial intelligence (AI) being used to make construction equipment safer and... »

Build a Bridge to the Workforce Via Mobile Technology

By Carla Kath, Construction Executive A construction worker can’t singlehandedly build a stadium or a 70-story skyscraper. It... »

Create Brand Cohesion Across Physical and Digital Spaces

By Catherine Lynk, Construction Executive Whether a business is redesigning its office or constructing a new environment for... »

Takin’ Care of Business: A Security To-do List to Fend Off Cybercrime

By Eric Cole, Construction Executive The king of rock and roll, Elvis Presley, was famous for “Takin’ Care... »

LEAVE YOUR COMMENT

Your email address will not be published. Required fields are marked *