Alleviating cybersecurity risks comes in many shapes and sizes—and so do organizations. Large enterprises with deep pockets and full-fledged SOC teams adopt the latest technologies and processes to fight back against adversaries. But for mid-size organizations, reducing risk is often constrained to a pick-and-choose approach. With limited funds, headcount, and internal knowledge, those responsible for keeping data secure are left wrangling the tough decisions of what matters most.
Here at Cadre, we firmly believe that there is no “one size fits all” approach. We’ve had decades of experience with a variety of companies—some probably resembling yours. But even still, there isn’t a carbon copy of a security prescription to dole out. However, that doesn’t mean there aren’t best practices that everyone can follow to avoid common mistakes. And that’s the guidance you’re here for after all, so let’s jump in:
1. Don’t discount your value. Many mid-size organizations think that just because they are smaller, they aren’t a target. On the contrary, adversaries often perceive smaller companies as easy targets—and without the proper protections, they can linger undetected for lengthy periods of time.
2. Know where your security gaps are. We all get caught up in the day-to-day work, especially when there’s new malware at every turn. But it’s critical to carve out time to analyze security risks as the business and the world change.
3. Establish a baseline. If you don’t know what is “normal,” how will you know what activity is “abnormal” on your network and devices? Businesses should have some form of monitoring and logging in place to flag any activity or incident that should be investigated.
4. Inventory your assets, and do it regularly. People and devices come and go. Be sure to complete quarterly asset inventory assessments so you know who and what is connected to your network.
5. Train users on security more often. There is never enough security training. Even the most vigilant users fall for phishing attempts. By creating more training opportunities, companies can move towards a culture of security where users understand strong cybersecurity isn’t only important for the company, but for them personally, too.
6. Evaluate supply chain threats. If recent high-profile breaches have taught us anything, it’s that the supply chain is more vulnerable than ever. We will begin to see it being regulated more, which can impact business function and revenue.
7. Put a business continuity plan into place. The old saying goes, “it’s not a matter of if you will be breached, but when.” Be sure your organization has continuity plans in place that cover impacts ranging from basic cybersecurity to core business functions, for everything from targeted disruptions to a worst-case scenario.
8. Segment your network. What’s worse than a malicious actor that gets into your network? One that can move freely within it. To prevent this, be sure to segment your network.
9. Patch. Need we say more? Okay yes, patch in a timely manner and in a deliberate fashion. Audit your patching.
10. Accept help. Cybersecurity changes every day. Keeping up with vendors and their technologies, sifting through acronyms, and steadying a finger on the pulse of your company’s security is often an impossible task. Be sure you have a lifeline when something goes wrong or you need an outside perspective from a trusted source.
Of course, this list isn’t comprehensive, but it’s a good place to start. Even if you’ve heard many of these best practices before, it can be a gentle reminder that some need renewed attention.
Still struggling with these 10? Need more help getting your cybersecurity in order? Read our blog, 10 Reasons a vCISO May be a Good Choice for Your Company.