No matter the size of your business, you are a target for someone. Cyber criminals are now more numerous than ever, and they have a larger attack surface to exploit than any we’ve ever seen. And they aren’t the only risk to your organisation’s assets, either – hardware failure, natural disaster, and your own employees can cause just as much damage.
Amidst this new landscape, it’s not enough to simply throw money at the problem and hope it will go away. You need a plan. And for that plan to be successful, it must be built upon three critical pillars.
Knowledge & understanding
Your first step is a thorough risk assessment of your business. Use a framework such as US-CERT or NIST. If it is feasible, you may also want to consider bringing in a third-party cyber security firm, as they’ll likely be better equipped to probe your business for vulnerabilities.
Once you understand your business’s risk profile, your next task is employee education. Cyber security is everyone’s responsibility, so to execute an effective plan, you’ll need buy-in at every level of the organisation, beginning from the top.
Focusing on the right tools
Armed with an understanding of your business’s unique threat profile and its employees’ distinctive needs, you can then reposition infrastructure and software planning as a collaborative process rather than the sole domain of IT. Engage with each department of your business, and ensure you understand their specific needs. Your goal here is to implement systems that both protect your assets and empower the end-user.
Business continuity & recovery
A good cyber security plan focuses on more than prevention. It’s also concerned with mitigation. Should the worst happen and your business find itself under threat, how will you respond?
How will you notify victims and key stakeholders? Which personnel are responsible for addressing the issue, and how will they keep in touch with one another? What systems do you have in place to ensure access to critical assets is not lost as a result of an incident?
Source: Business 2 Community