In the current operational environment how seriously do you take your Cyber Security? Do you have a Cyber Security Program in place?
Do you follow the best practices or even know what they are in this setting? Do you have the “It won’t happen to me attitude”? Times have changed. It is time to act in the best interest of yourself and/or your company. Don’t be the reason your company fails to adapt to the current threats and technology!
Have you ever considered Cyber Insurance? Why would you need Cyber Insurance? What does it cover? These are all questions that come to discussion for users and organizations. Cyber Insurance is coverage for the recovery from a cyber attack or ransomware. This coverage helps reduce costs incurred by the time and production lost in the recovery stage post incident. In the current operational environment, we work in it is not an if but a when. No matter how good your security is there is always a better adversary. You can only mitigate the threat to the best of your ability.
Cyber Security Program Plan
Have you conducted a Cost Benefit Analysis of having a Cyber Security Program vs not having a plan. This is an eye-opening experience. When the need arises, the plan prevents panic and keeps mitigation streamlined. Do you or your staff know what to do in the event of an incident? Do you know how to react or who to notify to begin recovery? All these questions are exponentially harder to answer under the stress of an ongoing cyber incident. This plan should identify in an ordered list how to react.
Industry Best Practices
When was the last time you or your company applied a Firmware Update? When is the last time you patched a bug fix. Do you rotate passwords and use 2 factor authentication. Do you require complex passwords that can’t be reused.
Cyber Security Risk Assessment
When discussing Cyber Security, a Risk Assessment identifies what is at risk and how critical those risks are. This risk assessment should include user risk and insider threats whether intentional or unintentional.
Mitigation is one of the most important parts of the plan. Initial mitigation can be time consuming to get to an industry standard, but once at this level maintenance is much easier. With any task there is a risk but how it is managed can make or break a network or business in a cyber crisis.
When controls are implemented, they must be rescanned to ensure they have corrected the deficiency as intended. Control should be implemented as soon as they are approved, and vetting is complete.
Encryption is a major step in controlling a possible future security breach. Encryption will help to render stolen or leaked data unusable for a longer period. It can eventually be decrypted but usually it will give time for reaction to data loss that in the right circumstance can allow it to be rendered useless. The goal is to use encryption that allows 5 attempts at entering a decryption key and then self-deletes or destroys the data to protect it.
Network security is huge. The less people that have admin access to a network the better. Contractor and Guest access to the network should be kept to an absolute minimum and guarded when granted. Networks should be segmented so that there is a logical and virtual separation of functionality on the network. Users should not be on the same IP range as the servers. Cameras should only have access to the cameras and not to other items within the network. Camera systems are often the easiest target for a bad actor.
System hardening is a major part of a cyber security plan. Firmware and operating system patches as well as bug fixes should be applied as soon as possible. Any CVE’s that are published should be applied. These are all things to make a system harder to access and can help prevent unauthorized access from spreading.
When all these aspects have been applied it is easy to be complacent. This is the time where monitoring is key to early detection. An unmonitored network is a compromised network. Remember that these are the best preventative measures.
A plan should be reassessed at a regular interval. If it is not living in the aspect of being adaptive it should be reassessed quarterly at the minimum.
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in NO CONTRACT IT Support, Cyber Security, IT Service, IT Security, Office 365, Cloud, VOIP, SPAM, Wireless, Network Design, Custom Gamers, MAC repair, PC Repair, Virus Removal, and much more. https://www.fcnaustin.com/services/
Give us a call for remote support or drop in to drop off. https://fcnaustin.com