Not only is cybercrime increasing in the number of attacks, the amounts demanded by cybercriminals are also increasing. A hacker could place a ransomware payload on your server simply because a member of your team was ensnared by a phishing email or innocently clicked on a malicious link. Even more frustrating, tools like Ransomware as a Service and Artificial Intelligence (AI) make the hackers' jobs easier. We need a coordinated defense that addresses the key vulnerabilities in our organizations and operations.
This defense starts with you. My stance is that everything starts with your vision (what you want to do) and your plan (how you’re going to do it). From there you define key capabilities you need to achieve your plan, and then the organization that is going to lead. It is that organization, those valuable leaders and team members, that you have to educate and set expectations for.
Everything starts with a policy. Your employee handbook should have language that addresses computer and information security, and you should have everyone read and acknowledge this policy (among others) once a year. You can certainly get more detailed, but at a minimum this policy should include:
- Information is the property of the company and needs to be secured against outside threats (security) and controlled as to whom it can be distributed (privacy)
- The platforms used to access company information, including personal devices, must be secured
- Company systems should not be used for purposes other than business
- Passwords should not be shared
- Individual users should not make modifications to company-supplied devices or software
- Programs should not be downloaded from a third-party website
- Social media should be used responsibly, and with cybersecurity threats in mind
- There will be required training for everyone with respect to cybersecurity best practices
- This is important, and we will invest resources in creating cybersecurity awareness and monitoring policy compliance
Before you move deeper into the technology stack, your organization should be aware of your cybersecurity policy. This first part is not hard. If you need help getting started, email me – I’ll send you an example I have used before. Do this first, then let’s dive deeper into the technology component.
Stay safe, and as always, let me or the partners at BKM Sowan Horan know if we can help.
Cybersecurity: Threats, Risks & Potential Liabilities
Save The Date: Wednesday, October 7th
11:30a to 1:00p
I’ve asked a friend of mine, George Bower, CEO of Axis Technologies, to join me in a Cybersecurity webinar. We will focus on protecting your company from cyber threats, risks and potential liabilities. An invitation is forthcoming and I’ll discuss the webinar in more detail next week.