Hi. I am Frederic Farcy, President of TNTMAX, with some more cybersecurity tips and recommendations for you and your business.
Have a plan – Corporations and organizations that want a strong cybersecurity strategy must begin with a plan. Management, with the help of their IT providers, must perform a detailed risk management assessment for their organization. This assessment must include:
- Understanding the information and systems that run your business
- Selecting security controls to protect these systems and their data
- Implementing the security controls
- Assessing how well the security controls are doing
- Monitoring the security controls
See the diagram below from the National Institute of Standards and Technology (NIST).
Once you finalize your risk management and security plan, you must assign a budget to implement, maintain and meet all its requirements. The security plan, once implemented, must be strictly followed by every person in the organization. It is critical that you review this plan on a yearly basis and update it as needed so that you can discover any weaknesses before it’s too late.
Having a plan gives you the framework to move forward and develop appropriate company IT policies, procedures, standards and guidelines. Together with your Information Technology services specialist, create the rules and guidelines your staff must follow. Some of these guidelines will include:
- Password policy
- Acceptable use policy
- Email policy
- Remote access policy
- Cybersecurity Policy
- Vulnerability Management Policy
Communicate! – Open communication between management and staff is extremely important so that there is a complete understanding of what access and protection each employee needs to complete his or her duties successfully. Facilitate discussions on how your company uses technology and how to improve your state of preparedness.
Points to discuss may include: identifying your most valuable information and who might want it; determining how connectivity with vendors and partners affects your cyber risk; understanding how your data and integrity may be impacted in the case of a security breach; and determining if your systems store personally identifiable info and/or health data.
I know this is a lot of information and most companies do not have the time or resources to effectively manage – and enforce – their IT policies. In the long run, outsourcing your IT strategies and services will be well worth the investment because getting hacked is an expensive proposition! Give TNTMAX a call to help your business craft a plan of security and support that meets your needs and fits your budget – and head to our website for more information and take a short quiz to see how security-aware you are with phishing emails.
Blog post with quiz links.