Monthly Archives: January 2023

Cyber Resilience Is About More Than Just Technology

Cyber attacks, and the threats that produce them, continue to occur. How can your company keep up and protect itself from financial, legal and other consequences? Cyber resilience, the ability to recover from a cyber attack, involves people and processes even more than technological tools. Read on to learn more about helping your organization plan how to keep going in the face of an attack.

 

Cyber Resilience Involves People and Processes

 

Cyber resilience is more than just technological tools protecting your organization. Cybersecurity is part of it, but not all. Cyber resilience has to do not just with preventing a cyber attack, but with recovering from the damage and evaluating the response. This evaluation may include changes in policies and procedures. According to a CompTIA Community Blog post, people can be the most important asset in defending against – and in some cases recovering from – a cyber attack.

 

What Causes Cyber Attacks?

According to statistics, more than 50% of cyber attacks and resulting data breaches stem from human error. Lack of training is a primary source of risk. Do employees know what to do if they get a phishing email? Do they know what one looks like? What are your workers’ skill sets, knowledge, and levels of training? How well has your company defined processes for cybersecurity, disaster recovery, and monitoring? Though cyber resilience processes can be defined by executives, everyone plays a part in protecting your company.

 

Performing a Cyber Resilience Assessment and Moving Forward 

 

While developing policies, processes and procedures can seem daunting, some resources can get you started. A good starting point is evaluating current defenses along with workers’ skills. The National Institute of Standards and Technology provides a framework for preparing your organization’s defenses, one that can be used by SMBs and MSPs alike. Small to medium-size businesses, along with their partners, don’t have to be alone in the fight against cybercrime. 

 

Frameworks for developing procedures, along with resources for training staff, can help your company prepare for and recover from a cyber attack. For further assistance, contact your trusted technology advisor today.

Using Multiple Layers for Comprehensive Cybersecurity

How do you know if your company’s cybersecurity efforts are working? Is the lack of a data breach enough to tell you that you’re doing well? Maybe, maybe not. Read on to learn about analyzing your risks and using that information to keep your systems and data safe, and your company doing business.

 

Start with Analyzing Your Company’s Risks

 

It used to be that companies just needed a firewall, some security patches and endpoint protection to protect digital assets. Nowadays, the secure perimeter is far outside company walls, with numerous endpoints connected to networks as employees work anywhere and everywhere. Events of the past few years have introduced new security challenges, including the uncertain security of network endpoints. More than tools, a comprehensive understanding of your firm’s risks and the consequences of these risks will help with security efforts. A good place to start is considering your company’s unique risk picture. What are your mission-critical data and applications, and what are the consequences of a data breach? Perhaps your business is subject to compliance regulations like HIPAA or PCI-DSS, or even GDPR. Financial and reputational consequences also exist, like the cost of downtime and clients’ trust in you to keep their data safe.

 

Multiple Layers Increase Security

 

A layered approach to security, more than any single technical tool, will help protect your company’s digital assets. Network monitoring is one such layer, showing both normal and suspicious activity. Multi-factor authentication protects your workers by keeping information out of the hands of attackers. Training your workers to spot phishing emails that can carry ransomware, and educating them in password maintenance, gives them the tools to keep bad actors out. Principles of zero trust, like identity and access management and giving users the least access they need to perform functions, can also protect data and applications.

 

While there is no such thing as perfect cybersecurity, your business can take many steps to protect itself and keep running. For a risk assessment, contact your technology advisor today.