
Start From the T.O.P Down: Ways You Can Improve Your Organization’s Cybersecurity


from Carr, Riggs & Ingram

Until the last couple of years, data breaches seemed to be the domain of major corporations—Target, Home Depot, Sony, JP Morgan. However, in recent years, as businesses of every size become increasingly reliant on data and information systems, it is becoming clear that no business is too small to be a target. And yet, only 45% of middle market companies have an up-to-date cybersecurity plan. Just like the big players, small and mid-sized companies should also take steps to ensure that their data is secure, starting from the T.O.P. down.

Technology

To shore up weaknesses in technology, management can start with the simple fixes. They can ensure that the network has appropriate antivirus and firewall software, that entry into the network is password protected, that critical data is backed up regularly, and that the systems are patched when needed. Management should also insist on two-factor authentication, as well as regular reviews of files and network permissions.

Technology can not only help prevent attacks; it can also help detect them. Data breach detection systems monitor and log the activity surrounding potential areas of entry. Collecting this information is important, but management should not stop there; these logs should be aggregated and combed through for unusual activity. Often, cyber breaches occur over long periods of time, so discovering activity as it occurs can shed light on the breach before the perpetrator causes too much damage.

Organization

An organization’s security policies should be both forward-thinking and adaptive, and they should cover all relevant aspects of data safety, including the following:

• internal controls
• password management
• social media
• e-mail usage
• mobile device guidelines
• incident reporting procedures
• internet usage
• remote access
• third-party access
• legal requirements

Regular security assessments (every two years at a minimum) can help the company determine how well its security policies are operating. A professional security assessor also can highlight opportunities to adjust policies and procedures as threats evolve.

To supplement the security assessment, the team should gather up-to-date intelligence on cyber threats from reputable sources so the company can stay ahead of attackers. New threats can alter the organization’s cybersecurity strategy, but so can new technology. Management should assess how a new type of technology, such as moving to a cloud-based application, can change the company’s approach.

People

Organizations with a robust cybersecurity team have the best chance to address security threats. This team must include owners who are invested in data security. Dedicated IT team members, whether full-time, part-time, or outsourced, can implement management’s plans. Hiring a chief information security officer (CISO) may not be feasible, but a professional advisor may be able to fill that role on an outsourced basis.

The organization’s employees should also be invested in the company’s data security plans. Staff members are often called the “human firewall” because they are the most effective first responders to cyber threats. In order for the human firewall to be effective, staff must be educated in cyber threats and mitigation policies, understand how to report and respond to suspicious activity, and believe in the company’s cybersecurity goals.

Third parties should also be considered part of the cybersecurity team because of their access to sensitive information. A third-party risk management (TPRM) process may be something for the organization to consider. These processes are formalized mechanisms to guard against attacks that originate in the company’s supply chain. These systems can vet third parties for reliability, integrity, and loyalty; manage the ongoing relationships; and monitor the third parties’ information systems usage.

Ready to begin?

If you start at the T.O.P., you will be well on your way to improving your organization’s information security program. Download our white paper to learn more about how to strengthen your cybersecurity posture. To get started on a cybersecurity risk assessment, or for additional guidance, contact your CRI cybersecurity specialist.
