We are frequently asked about best practices on how an organization should prioritize its cybersecurity defenses.
We’ve all probably heard, “To catch a thief, you must think like a thief.” Like any business, cybercriminals want to maximize their ROI, meaning they want to find the most vulnerable entry point into your IT infrastructure and, once inside, look for the next easy penetration point and attack that one, and so on until reaching the grand prize that will yield the maximum ransom. However, if attempting to penetrate the first few layers looks too difficult, the cybercrooks will move on to another organization to target.
The best defense is to follow a layering strategy to protect your IT assets.
Studies have shown that the most vulnerable layer is the human one. Users fall for phishing schemes and inadvertently share files and passwords. If your cybersecurity budget is a small one, start there. Employees can be trained to avoid hacking attempts, and there are services available to help with training at a very reasonable investment. Also, consider a password manager to help facilitate changing passwords and keep them secure.
Beyond the human layer are the perimeter, network, endpoint, application and data layers, and, lastly, the mission-critical layer which contains the operating systems, line of business software, financial records, and other assets the organization must have in order to continue operating. Each of these is unique to every organization and should be evaluated by an IT professional who can create a customized solution for you. The most complete security solutions address each of these layers.
Even with the best-designed defense systems, breaches may occur. A business continuity solution will often work to provide a way to recover critical data and restore your IT systems to an operating condition while the cause of the breach can be determined and remediated. Also, consider a cyber insurance policy, along with an incident response plan that details actions you must take in the event of a breach.
Having a plan that includes a roadmap leading to effective cybersecurity defense and incident response is critical to the health and reputation of your organization. Invest in these as you can and revise them as new threats are discovered. Your security plan should grow not only as you grow, but as the threats grow.
Subscribe to Email Updates
SubscribeGet Edmond Business news in your inbox.
About Davis Merrey
Davis, is Owner/CEO of TeamLogic IT of Oklahoma City, part of an international network of franchisees providing IT support for businesses. He brings many years of experience in a variety of technology related industries, leading teams in providing technical solutions that respond to critical customer needs. The company culture is defined by its Mission Statement: “To help our fellow employees and clients be successful”.
Davis earned a BS in Electrical Engineering from the Virginia Military Institute and an MBA in Management from Golden Gate University in San Francisco. He serves on several business related and non-profit boards of directors.