While tips and tricks won’t make your organization bulletproof, it will help make you bullet resistant. Here is a list from Boston Business News that is simple and right on.
1. IT Risk Assessment. You MUST start with a risk assessment and if you are up for it, I would recommend a business risk assessment. IT risk is just part of business risk and if you have not conducted an overall business risk assessment in the last 12 months, I recommend one.
2. Network vulnerability testing – simple and relatively inexpensive these days. You should do one from the outside of your network and also one on the inside. Networks are like M&Ms – crunchy on the outside and gooey on the inside. You don’t want to make the hacker’s life easy if they get in by making your network’s insides any more gooey than you have to.
3. Vendor management – if you have vendor’s that access your network – or even that you just trade documents and emails – that may be your biggest exposure. It was for Target and Home Depot and those did not turn out well. You should have cybersecurity standards for your vendors and then make sure that they actually comply.
4. Security awareness training – it is NOT a silver bullet, but most breaches do not start with the bad guys breaking down your front door and holding a gun to your system administrator’s head. 99% of the time, users do something that gives the bad guy a foot hold. If you can reduce that to 50% of the time, you are way ahead of the game. And this is NOT a one time effort. Sorry. EVERY SINGLE MONTH. OR DAY.
5. Incident response plan – you REALLY need to have a plan for what you are going to do when you have a breach. Notice I did not say if. Scrambling around after the breach will make you look like Sony and that was not pretty.
If your eyes are rolling back towards the back of your head right now, you need assistance executing these five tasks. Contact me.