A Cybersecurity Plan Is NOT Optional – No Matter What Size Your Organization Is!

In 2016, cybercrime was on the rise, and within the past 5 years, the main targets have become smaller organizations.

As organizations attempt to educate themselves on this evolving threat, computer hackers are hard at work looking for new vulnerabilities to exploit. IT professionals and business owners need to keep track of ongoing trends in cybercrime and cybersecurity. Although most data breaches that reach the headlines are large organizations, don’t be fooled – small and medium business (SMBs) face a high level of risk.

Mitigating your risk is an important strategy and now is the time to begin planning for the year ahead.

All equipment must require login with a complex password or pass-phrase. Ideally, each of your passwords would be at least 12 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary words, usernames, pronouns, IDs, and any other predefined number or letter sequences.

All potential points-of-entry should be protected and have detection capabilities. Cyber criminals work digitally — through viruses, spyware, malware, etc. – to extract information without ever physically entering your office. Bryley Systems provides a multi-layer, multi-point of entry approach to protecting our customers’ data.  This approach provides multiple layers of both hardware (network and web access) and software (anti-virus and anti-spyware) protection which are constantly updated.

Security logs should be monitored to detect threats and achieve compliance. Organizations are under constant pressure to protect data and crucial IT equipment. Monitoring logs is a critical component of a security strategy and a requirement for regulations such as PCI DSS, GLBA, HIPAA, SOX and others.

When putting together a cybersecurity plan, it is important to use these guidelines:

Identify. You need to know exactly what you have that is worth protecting. This identification step should include transmitted and stored data, networks, all endpoint devices, machines, users, and systems. Once all assets have been identified, you should perform a security assessment to locate each potential weak link within the assets you have identified.

Security Assessment. A security assessment will give you a clear view of your current weaknesses, potential points of entry for hackers, and the strength of your current security measures.  Computer security is an ever-changing world. Utilizing a layered approach is the best defense against cybercrime. Every organization, regardless of size, should continually manage, evaluate, and update their security infrastructure to lessen the threat of a cyberattack.

Protect. Once you understand what you need to protect, you can take immediate steps to secure those items. Protection involves a variety of measures, including implementing authentication and applying patches and updates to all equipment and software. Some assets may require upgraded technology to achieve the necessary security standard.

Detect. After you have put security measures in place, the next step is to implement the technology to monitor your environment for threats, such as firewall intrusion, distributed denial of service (DDoS), and ransomware attacks.

Respond. There is a saying in the cybersecurity community: “It is not a matter of whether your organization will experience a cyberattack. It is a matter of when.” No matter how good your cybersecurity plan is, you may still experience a threat or a breach. Therefore, it is crucial for your organization, or a designated third party, to decide how to respond to each type of threat. For example, your security tools may handle a threat automatically in one instance, but require a technician’s response in a different type of situation.

Recover. If your organization does experience a breach, you will want to have a recovery plan in place. The plan should spell out what actions should be taken, what tools should be used, and which person or partner will be responsible for recovering data, systems, and applications.

If you would like to improve your 2017 cybersecurity plan, or to inquire about Bryley’s full array of our Managed Cloud Services and Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.