Today marks the beginning of National Cybersecurity Awareness Month. From CEOs to college students, cybersecurity is on everyone’s radar, and cyberattacks aren’t going away anytime soon. For businesses, it’s not a matter of if a breach will occur but when – an incident is inevitable. Therefore, it’s more important than ever for companies to evaluate their cybersecurity tools and processes to help prevent, detect and manage the repercussions of a cyberattack. But where to begin? These types of attacks are varied and ever-changing, and cybersecurity software options are seemingly endless.
If you’re feeling overwhelmed by all that encompasses cybersecurity, start by considering these three information management best practices:
- Go back to basics (i.e. education and training). All the cutting-edge software in the world can’t protect a business that does not have a solid cybersecurity foundation built on a culture of responsible technology use. Employees are the first firewall, but if they don’t know what to look for then it’s impossible to rely on them as a preventative measure. Continuously train your employees on cybersecurity best practices and encourage them to reach out when they’re in doubt. An open dialogue between employees and the IT team is one way to get everyone on the same page and manage risks.
- Compliance is the bare minimum. Several states have passed legislation requiring certain measures to protect both businesses and consumers. For example, in July, New York Governor Andrew Cuomo signed the Shield Act into law. Among other mandates, the law adds multiple requirements for protection of user names, email addresses, passwords, biometrics and more for all residents of New York State providing their personal information to any U.S. business. First and foremost, when implementing cybersecurity tools and processes, businesses must ensure they are complying with all laws in the states they operate in, as well as laws that apply to their customers residing in other states.
- Keep an eye on new technology, but approach with caution. There’s been a lot of buzz around blockchain in recent years – countless different industries are exploring the ways it can improve efficiencies and security, but there’s still work to be done in preparing this technology for the inevitability of human error. Along the same lines, some companies are exploring AI to help ward off alert fatigue among their IT teams. Not all new tech will work well for your business or fit with your current cybersecurity measures, so consult your trusted IRM advisor before moving forward with a major investment like this.
Once you and your IT team assess how the business is doing in each of the areas above, you can determine the best course of action to secure the organization against current and future cyberthreats. Remember, though, that cybersecurity is always evolving, from new types of attacks to the emerging tools and technologies to prevent them. Don’t set policies and forget them; consistently evaluate and revise as necessary to protect your business. The services of a cyber risk management and compliance firm can ease that burden and help you stay on top of cybersecurity.