For Week 3, we’re focusing on how to protect your business from a cyber security standpoint. Let’s break it down into five steps:
Identify The first step to having a pro-active cyber defense is to recognize the dangers before it’s too late. Understand the data and information your company considers confidential. Pinpointing this data is critical, but documenting where the data is stored and which employees have access to it is just as important. A good rule of thumb: Only allow the necessary employees to have clearance to this data.
Protect involves preserving those predetermined assets from both external and internal threats. Technology solutions can be a strong barrier of defense, but employee training can be even more effective. The majority of the time, hackers find their way into a system because an unsuspecting employee clicks a malicious link or file. Stressing the importance of being cyber secure to your staff will save money and hassle in the long run. A good way to start is encouraging the use of strong passwords, using multi-factor authentication, avoiding public wifi, and more.
Detect is about discovering a system breach as quickly as possible. Over the past year, many hacks had been in place for weeks or even months before the company realized. Detecting these threats goes back to identifying them – if you know what attacks may hit you, you will be better prepared when they come. You also need to have the right tools and services to detect these threats and have appropriately skilled personnel who can interpret the warning signs.
Respond is about how efficiently and productively you react after realizing you’ve been attacked. No company is impermeable to attacks, and thinking so is naive. A well executed game plan will involve 1. Resolving the incident as quickly as possible 2. Identifying the impact 3. Maintaining business functionality. Organized internal communication among decision makers and employees is crucial. Distributing alerts to employees, customers and the public should not be a difficult process – plan ahead of time.
Recover The damage of the hack is done, but it’s how you bounce back that matters to the future of your employees and company. Reflect on the incident – how did it start? Questions like this will prevent recurrence. The right education plan for your employees, the right software and hardware safeguards, along with metrics to measure your cybersecurity posture, will lead to better protection of your critical data.