The leadership of our consultancy Crucial Point has been working to enhance the security posture and mitigate cyber risks of organizations for over a decade, successfully operating across multiple sectors of the economy to help leaders thwart dynamic adversaries. In doing so we have found that most businesses can take steps to raise their defenses before calling in the experts.
The nine steps below, taken from the Crucial Point Best Cybersecurity Practices page, can help kickstart the defense of any firm.
These steps are:
- Use a “framework” that will guide your action. Our favorite one is the NIST Cybersecurity Framework, but there are many. This framework will help guide your policies, procedures, contracting and incident response.
- Work to know the threat. Knowing the cyber threat will help you more rapidly and economically adjust your defenses. We wrote a book to help you do this. Find it at: The Cyber Threat
- Think of your nightmare scenarios. Only you know your business, and only you can really know what could go wrong if the worst happens. Use these nightmare scenarios to help determine what your most important data is; this is going to help prioritize your defensive actions.
- Ensure you and your team are patching operating systems and applications. This sounds so basic, and it is so basic. But it is too frequently overlooked, and it gets companies hacked, again and again. So don’t just assume it is going on. Check it.
- Put multi-factor authentication in place for every employee. Depending on your business model, you may need to do this for customers and suppliers too. This is very important for a good defense.
- Block malicious code. This is easier said than done, but work to put a strategy in place that ensures only approved applications can be installed in your enterprise, and, even though anti-virus solutions are not comprehensive, ensure you have them in place and keep them up to date.
- Design to detect and respond to breach. This means put monitoring in place and also use proper segmentation of your systems so an adversary has a harder time moving around.
- Encrypt your data. And back it up!
- Prepare for the worst. Know what your incident response plan is and make sure it is well documented and reviewed. Ensure it includes notification procedures.
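The patching step above ends with "Check it." One way to do that without relying on assumptions is to audit a host inventory against a patch-age policy. The script below is an added example, not Crucial Point's code or tooling; the inventory it works on is constructed sample data (the host names, dates and pending-update counts are made up), and the 30-day limit is an assumed policy value you would replace with your own.

```python
from datetime import date

# Constructed sample inventory for the example (not real hosts). In practice this
# would come from your patch-management or endpoint tool's export.
INVENTORY = [
    {"host": "web-01",    "os": "Ubuntu 22.04", "last_patched": "2024-03-20", "pending_critical": 0},
    {"host": "db-01",     "os": "Windows Server 2019", "last_patched": "2024-01-15", "pending_critical": 2},
    {"host": "laptop-07", "os": "macOS 14", "last_patched": "2024-03-25", "pending_critical": 1},
    {"host": "mail-01",   "os": "Debian 12", "last_patched": "2024-02-25", "pending_critical": 0},
]

# Assumed policy: every host must have been patched within this many days.
MAX_PATCH_AGE_DAYS = 30


def days_since(last_patched: str, today: date) -> int:
    """Number of days between an ISO date string and the reference date."""
    return (today - date.fromisoformat(last_patched)).days


def audit_patching(inventory, today: date, max_age_days: int = MAX_PATCH_AGE_DAYS):
    """Return one finding per host that violates the patch policy.

    A host is flagged if its last patch is older than max_age_days or if any
    critical updates are still pending, whichever applies (both may).
    """
    findings = []
    for host in inventory:
        reasons = []
        age = days_since(host["last_patched"], today)
        if age > max_age_days:
            reasons.append(f"last patched {age} days ago (limit {max_age_days})")
        if host["pending_critical"] > 0:
            reasons.append(f"{host['pending_critical']} critical update(s) pending")
        if reasons:
            findings.append({"host": host["host"], "os": host["os"], "reasons": reasons})
    return findings


def compliance_rate(inventory, findings) -> float:
    """Fraction of hosts with no findings, 0.0 to 1.0."""
    if not inventory:
        return 1.0
    return (len(inventory) - len(findings)) / len(inventory)


def report(inventory, today: date) -> str:
    """Human-readable summary suitable for a weekly check-in with the team."""
    findings = audit_patching(inventory, today)
    lines = [f"Patch audit as of {today.isoformat()}: "
             f"{len(findings)} of {len(inventory)} hosts out of policy "
             f"({compliance_rate(inventory, findings):.0%} compliant)"]
    for f in findings:
        lines.append(f"  {f['host']} ({f['os']}): " + "; ".join(f["reasons"]))
    return "\n".join(lines)


if __name__ == "__main__":
    # Fixed reference date so the constructed sample gives repeatable output.
    print(report(INVENTORY, date(2024, 4, 1)))
```

Run it on an export from your own patch tooling and put the summary line in front of whoever owns patching each week; a number that is not 100% is the prompt to ask why, which is the whole point of checking rather than assuming.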
Those are just the first few steps. But please put them in place! By following community best practices you can make an immediate difference in your own security posture. These are, for the most part, things you can do yourself at very little cost.
To accelerate your implementation of these best practices, or to independently verify and validate your security posture and receive detailed action plans for improvement, contact Crucial Point here and ask about our CISO-as-a-Service offering.