By: Brian DeVault
Cyber crime is rising at an alarming rate. Since the start of the COVID-19 pandemic the FBI has reported that cyber crime is up 300-400% and rising steadily. Industry experts also estimate that in 2021 ransomware attacks are happening 10x more often than they were in 2019. That is why it is critical that your company assesses its cybersecurity posture and begins to make changes to improve your organizational security, beginning with administrative tasks as outlined below by Brian DeVault and Mike Cromwell of NETRIO.
Policies
This is an important subject because it adds a tremendous amount of value to an organization’s posture and it introduces the structure around what businesses say they are going to do and then forces them to follow up on it. You should have an information security policy, data security policy, acceptable use policy, and an electronic systems use policy. You can reach out to your HR team or a business consultant or an MSP to help develop any of these policies that your company may be missing.
An MSP can easily get these documents prepared for your business and ready for you to present to your team. Upon hiring, your employees should read these policies and understand them and be sure to follow through with these practices to ensure your business is in good hands and everyone is on the same page.
Procedures
Every company should have safe procedures that align with your business practice. For instance, if you are an office based business where employees sit at a desk in front of a computer, there should be a procedure for stepping away even for a quick bathroom break. Always make sure your computer or laptop is locked whenever you are not in front of it. You can hit CTRL, ALT, DEL, then hit lock. Make sure the password to unlock isn’t sitting around on a sticky note or anywhere else that is easy to access.
Regardless of the length of your company’s procedure plans, they should prioritize the areas of primary importance to the organization. That might include security for the most sensitive or regulated data, or security to address the causes of prior data breaches. An MSP can help highlight areas to prioritize in the procedures. The procedure plan should also be fairly simple and easy to read. Include technical information in referenced documents, especially if that information requires frequent updating.
Documentation
Everything about how you’re going to deal with data security needs to be written down. Information security documents should have all of your organization’s cybersecurity policies, procedures, guidelines, and standards. These documents should ensure the confidentiality, integrity, and availability of your client and customer data through effective security management practices and controls. These security documents are critical to proactively protect your data while maintaining compliance with both regulatory and customer requirements.
Consistent management of organizational and financial data with efficient information systems is a key to a successful business. The world these days revolves around the internet, which has its own pros and cons. Along with bringing connectivity, it also brings in security challenges to the organizational information. This raises the need to innovate and develop the information systems that are more secure and have no dependency on people and environment. An effective information system documentation will help your business with better planning, decision making and provide your desired results.
Business Continuity & Damage Recovery Plans
Your business continuity plan should focus on defining how your business operations should function under abnormal circumstances during a disaster or emergency. Meanwhile, your disaster recovery plan should focus on getting applications and systems back to normal after a disaster or emergency. Business continuity planning and disaster recovery planning both provide several benefits to your organization like people and property protection, morale boost, improved decision making and risk management.
If damage takes place to your business or if people are harmed, you’ll want to make sure the proper insurance protocol is in place. Make sure you assess your risks and think about what kind of accidents, natural disasters, or lawsuits could damage your business. Find a reputable licensed agent. Commercial insurance agents can help you find policies that match your business needs. A good idea is to reassess every year because, as your business grows, so do your liabilities.
This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on Linkedin and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.