Minimizing Cybersecurity Risks Series
Our clients, business partners, and business leaders regularly ask us what to do to improve organizational security. There is no one thing to do. There is no one thing that you need to do only once. Managing security, just like managing clients, is a full-time responsibility and necessary to keep your business operating successfully. Over the next few weeks, we will review strategies to help you implement and maintain a secure business environment.
Speed of detection and response is critical. The number of attacks on US infrastructure and on businesses large and small is increasing. SolarWinds, Colonial Pipeline, Kaseya, and all the smaller incidents in between point to a tsunami of security offensives and incursions into the US economy. The Center for Strategic and International Studies keeps a log of major attacks that provides visibility into the multi-front offensive affecting all industries.
It is imperative that you understand security in the context of your own business. Start by assessing your assets and how they are at risk within the context of cybersecurity. Each company will have its own unique risk profile, and given that profile, must develop a strategy to mitigate identified security gaps.
What can you do to elevate your firm’s ability to mitigate risks? Over the next few weeks, we will share recommendations for addressing security across multiple levels within your organization, focusing on the user experience, IT centralization, and management controls.
Minimizing Cybersecurity Risks, Part 1: User Experience
So, let’s get started. These 5 actions will help you implement better user management, including managing identities for access to your systems, improving the safety of data storage, and educating your team about their role in keeping the organization safe.
Multi-Factor Authentication Application
Install Google Authenticator or Microsoft Authenticator on your company's smartphones. If you have employees and permit Bring Your Own Device (BYOD), then mandate MFA through policies.
Enterprise Password Manager
Deploy a centrally managed password manager. This provides the most control for the company. LastPass and AaDYA are solutions for small businesses.
Deploy encryption on all workstations and confirm that the vendors you use encrypt data with AES-256. Consider Microsoft 365 and PreVeil for managing data at rest and in transit.
Single Sign On
Single Sign On makes life easier for your organization and staff by letting one password provide access to many corporate applications. There are many vendors, including Okta, Microsoft, OneLogin, Auth0 and others.
Get a security training package and also train your staff on your policies. Make sure to include phishing tests. Wizer (basic) and KnowBe4 (more developed) are excellent.
Check back in the coming weeks for tips and strategies related to IT centralization and top-down management.
This is a 3-part series on minimizing security risks. For personalized support digging deeper and prioritizing steps for your organization, please reach out to It’s Just Results CEO Gustav Plato through our website.
Technology alone is only part of the safeguarding solution. Policy standards, insurance, disaster planning, and an approach to full organizational continuity are administrative directives that solidify and sustain your program.
Regardless of how you manage the organization, there must be central direction and oversight for effective cybersecurity. Key IT functions must be performed to safeguard the organization and should be led from “the top” and managed centrally.