By: Dave Kelly, CTO – SensCy
- There are no magic bullets. Cybersecurity is a business risk that needs to be managed and included in your strategic planning. As with any other business risk, cybersecurity should be visible at the top of the organization. Recommendation: Make cybersecurity risk a standing agenda item at quarterly board meetings and executive leadership meetings.
- 80%+ of successful cyber breaches are the result of social engineering. Your employees are your greatest risk, but they can be your first line of defense with ongoing education. Recommendation: Invest in your employees by educating them on how to recognize these attacks.
- Visibility at the top + education throughout your organization = an active cybersecurity culture. An active cybersecurity culture is better protected from an incident, better prepared to respond to an incident, and able to recover and stay in business, should an incident occur. Recommendation: Ensure you have a Cybersecurity Incident Response Plan. Make sure the leadership team and the IT team understand it, know how to activate it, and have practiced doing so.
- Security patches cannot be ignored. They are released because a vulnerability has been identified. Every day you wait to install them puts you at greater risk. Recommendation: Institute a policy that ensures security patches are installed within 24 hours of release. Ensure your team is accountable for doing so.
- Backing up your data is critical to ensuring you don’t fall victim to ransomware. Recommendation: A successful recovery from a ransomware incident requires that your data is backed up on a separate network or in a cloud service designed for this purpose. Back up your data daily!