There are news items almost every day about significant data breaches, identity thefts and malware attacks. Cybersecurity has finally become a top priority for companies worldwide, for the sake of their privacy and the privacy of their customers. Every business today needs a comprehensive strategy that provides a defense against cyber-attacks. It's not just a good practice, but a critical one. At a minimum, your corporate IT security process should include the following 6 steps:
- Identify Critical Assets - Knowing which assets your company has and assessing their value will help you determine exactly what should be secured. An understanding of industry compliance requirements, including PCI DSS for retail and HIPAA for healthcare, is also necessary for this evaluation. These assets include not only stored and transmitted data, but also people, networks, systems, and devices, and should all be ranked in terms of priority.
- Set Organizational Security Policies and Standards - Once you have identified the assets that need to be protected, a comprehensive organizational security plan should be put in place. The reason for this is two-fold: to develop security standards for all identified assets, and to outline the response plan if and when a breach is detected. Your plan should address everything from access controls, authentication, acceptable use and auditing to disaster recovery and business continuity planning. This plan is a living document, and should be reviewed and modified on a regular basis. Importantly, all employees must be trained on the policy at least once a year.
- Enable Threat Detection Tools - The next step is to put tools in place to detect threats and reduce vulnerabilities by monitoring network infrastructure, systems and even people, to spot anomalies that could cause harm. These tools include managed firewalls, intrusion detection and protection, anti-virus, anti-spam and malware protection, distributed denial of service (DDoS) and web fraud detection. Many solutions provide dashboards and detailed reporting functions to help track and measure activity.
- Formulate and Communicate Response Plan - When these tools detect a threat, a company's response plan gets put into action. In some instances, the security tools themselves will respond to the threat automatically. In others, the organization or a third party must respond manually. To respond correctly, the organization must have a standard operating procedure for each type of potential threat. These procedures should identify what actions a threat should trigger, which people take what steps and who gets notified. Everyone involved with incident response must know their roles ahead of time and where the plan resides.
- Develop Recovery Procedures - Even with security in place, breaches can occur, so you need to be prepared to react. Part of your corporate Response Plan should address what tools, actions or partners will be responsible for recovering systems and applications. Business units specializing in marketing and public relations also have a role to play in recovery, as breaches can be detrimental to a company’s reputation and public image. These departments should know ahead of time what messages to communicate and how to publicize them.
- Regularly Review and Update Policies - When a breach occurs, you should proactively take steps to understand how the same situation could be avoided in the future. Part of the recovery process involves updating the organization’s response plan with any lessons learned. Conducting periodic audits and “fire drills” will also allow you to assess security within your organization, including status and compliance (if applicable), and point to technical controls and guidance that must be enforced or updated.
While no organization can be fully immune to threats in today’s environment, by following these steps, you’ll be ready to act if the need arises. Advantage has relationships with dozens of managed security providers (MSSPs), and our team is always available to help you fully investigate appropriate solutions to address your specific cybersecurity needs.