Your Secure Network – Where to Start?
Limited resources force us to be selective about which security controls we decide to use. The foundation of good cybersecurity decision-making is first identifying your organization’s unique risks. What are the bad things that could happen due to the threats and vulnerabilities that exist? For example:
- an employee clicks a link in a phishing email and downloads malware that propagates on your network, encrypts the data and demands a ransom for decryption
- an employee leaves a company laptop at an airport
- a hacker cracks the login and takes over your website or mission-critical data
What’s the Likelihood of Each Risk Event?
Next, compare your list to industry trends and historical data. Also, are existing controls in place to address the identified risk? Then consider the uniqueness of your operation: how likely is it that a particular risk event will occur in your business? For example, an organization that has traveling consultants is more likely to experience a lost laptop than an organization whose employees operate at a single office.
If the Risk Event Happens, What Will Be the Impact?
Next, if the risk event happens, will you be able to conduct normal business operations? Will the risk event affect the health and safety of employees and customers? Will it damage the brand’s reputation? Will you incur penalties or fines? Will there be a loss of revenue? For example: what would be the consequences of a lost laptop?
I Read the News Today Oh Boy
Too often, we don’t change until we’re in pain. But do we have to literally experience a ransomware attack ourselves before we properly fortify our networks? [1] We don’t have to look far to see others’ cautionary tales all around us. The average cost of remediation – if it’s even possible – for small and medium-sized businesses is $141,000. [2]
The Best is the Enemy of the Good
Lastly, don’t worry about crafting the perfect cybersecurity program. Perfectionism is sometimes a cover for procrastination. Why wouldn’t hackers feast on networks with poor defenses? Make sure that’s not you.
As the threat landscape continues to shift, so must your response evolve. Once you commit to a proactive cybersecurity program, you can then assess and improve it over time. The thing to do today is to prioritize the important, not the urgent. If suddenly what’s urgent is that you’re undergoing a cyberattack, it really may be too late.
Bryley’s Solutions
For its clients, Bryley is a proactive step. Being proactive is the foundation of our work. Many in-house IT departments focus on the day-to-day. Bryley has techs that can help with these issues, but what’s more, Bryley brings the bandwidth to address the health of your network and networking practices.
Among the most important of healthy practices is supporting your employees with Security Awareness Training that teaches them through phishing-attack simulations, custom classes or the Bryley Knowledge Base (a growing library of pre-recorded training sessions). Human error is responsible for about a quarter of data breaches [3]: an untrained employee is a real threat to your business’ systems and data.
Bryley offers a vCTO (virtual Chief Technical Officer) service tailored to your organization’s unique business goals; its purpose is to ensure your business is getting as much value as possible from its technology investment while anticipating future developments.
If you are in Bryley’s New England service area, our expertise in security preparedness is a reason to consider contacting Bryley. Please reach out at 978.562.6077 or by email at ITExperts@Bryley.com.
[1] eighty-five percent … reported attacks against small and midsized businesses (SMBs) … [but] just twenty-eight percent of SMBs consider ransomware a worry. https://www.computerworld.com/article/3641849/ransomware-is-a-threat-even-for-the-smallest-of-businesses.html
[2] computerworld.com
[3] IBM Cost of a Data Breach Report, 2020