No company wants to be the subject of the next headline about a cybersecurity attack or critical data loss. Losing business data or customer information takes a toll on your business' reputation and its pocketbook. While it is impossible to entirely avoid an attack, there are steps you can take to mitigate the effects.
Ignoring cybersecurity threats and hoping your company isn't a target is not a good strategy. When an organization experiences a cybersecurity attack, it will incur costs, which organizations need to anticipate even before an attack happens. This calls for framing your cybersecurity strategy from a risk management perspective.
The best cybersecurity plan takes into account that no one tactical item will stop a cybersecurity attack. Instead, the plan must take a calculated, serious approach to mitigating cybersecurity attacks once they happen.
The next step is to empower the data owners in your business by building in accountability for data security and setting up best practices to secure it. Also, create a budget and priorities for securing data. Make security a part of the organization's culture and make security a theme in all IT policies.
Do you know where your data is?
Once your business has adopted a formal cybersecurity plan, you must identify the most critical data to your business:
- What data can your business not operate without? If your company lost client contact information, how would it operate?
- What data would harm your business if it were attacked or compromised? Does your business have trade secrets that could be compromised?
- What data would harm your customers if it were attacked? If your business lost sensitive data, such as customers' social security numbers or credit card information, how would it harm your business as well as the customer?
- What business processes does your critical data support? If your business lost its email database contact list, could your sales office still operate?
Once you classify your critical data, determine where it resides and who can access it. To accomplish this, use visualization applications to determine which users access critical data, where they access it from (i.e., remote access or via the cloud), and which applications they use to access it.
Next, prioritize and understand where the risks are within your data. If you make the investment to protect it now, your organization will be in better shape than if you wait until after a cybersecurity threat occurs. Reacting under pressure to a threat and playing catch-up means you have lost the upper hand, most likely increasing both the cost of securing your data and the risk of additional threats from suboptimal solutions or prolonged exposure.
Finally, consider implementing a next-generation firewall to monitor and protect your critical data. Next-generation firewalls are a good solution for any size organization and allow you to control and see how applications are being used on your network.