How To Create Great Cybersecurity Posture

Solutions
NETRIO
Solutions

Managed IT services are essential for the modern organization. As your pace of digital transformation accelerates, your IT infrastructure will grow in both breadth and complexity. It takes a highly skilled team that has expertise in managing complex environments to provide the proactive support model necessary to stay ahead of the demands of the modern workplace.

EXPLORE SOLUTIONS
Managed IT Services

Cybersecurity

Network Operations Center (NOCaaS)

Connectivity

Hardware & Software Procurement

Voice Solutions
Are Managed Services a Good Fit For Your Organization?

We manage IT and technology assets to free up valuable internal resources to lead and deliver on strategic initiatives that advance business goals.

LEARN MORE
Partners
- White Label Partners
- Channel Partners
Why NETRIO?
Resources
- Blog
- Customer Resources
Contact
Book a Consultation
214-888-8500

By: Brian DeVault

Cyber crime is rising at an alarming rate. Since the start of the COVID-19 pandemic the FBI has reported that cyber crime is up 300-400% and rising steadily. Industry experts also estimate that in 2021 ransomware attacks are happening 10x more often than they were in 2019. That is why it is critical that your company assesses its cybersecurity posture and begins to make changes to improve your organizational security, beginning with administrative tasks as outlined below by Brian DeVault and Mike Cromwell of NETRIO.

View Video Transcript

Mike Cromwell

Welcome back to Whiteboard Wednesday. We’re on part two of our cybersecurity series, talking about great cybersecurity posture. So today we’re going to drill deeper into the administrative aspect of it. So, Brian, I want you to walk us through from an admin perspective.

Brian DeVault

You bet.

Mike Cromwell

What are the critical elements and why are they so important?

Brian DeVault

So this is one I think that is frequently ignored, but adds a tremendous amount of value to an organization posture because it introduces the structure around what we’re saying we’re going to do and then forces us to follow up on it. The admin section is talking about policies. So have an information security policy. Have a data security policy. Have an acceptable use policy. Electronic systems use policy, whatever you want to call it. Work with your HR team, work with a business consultant, work with your MSP.

Brian DeVault

I know when Netrio engaged as an MSP, we can provide you with templates for this. So your MSP might have that capability, but come up with these documents, force your users to read them, understand them, and accept them prior to accepting employment. Right? And make sure they align with your business practice. The other piece of it is procedures. A lot of this applies to IT, but some of it applies to accounting or finance or sales. For instance, you should always have a policy and a procedure for when you get up from your computer to lock it, hit control, alt, delete and lock your computer.

Brian DeVault

That way, you’re not stepping away to the bathroom and someone’s leaving their QuickBooks up online or their accounting software or their latest sales opportunity. Right. So have those procedures in place that help you ensure security.

Brian DeVault

Documentation. Right? So, everything about how you’re going to deal with data security needs to be written down. If I’m gonna exchange data with someone how am I gonna do that? Is it acceptable for me to email a proposal in Microsoft Word format? Probably not. Proposals only go out in PDF.

Business continuity and DR plans. Everybody should have one. I think COVID taught everyone to go create one. I’m not sure a lot of people followed through on it. Right? So now is a good time to do that. And then talk to your insurance carrier about A cyber insurance policy. It’s just smart, right? It’s like having insurance on your car. If you do have an incident or an event that occurs, you know, you’ve got some coverage there to help remediate the issue.

Mike Cromwell

So, let me ask you this, Brian. So many industries these days have compliance requirements, especially as it relates data protection, Privacy. Does that really fit into this category? Is it an umbrella kind of over – govern all this or both?

Brian DeVault

It fits everywhere, right. Because it affects everything you do on every device. But compliance is really more of a reporting exercise, than it is necessarily a certification exercise. So, it’s really about, do you have the controls in place? Are you enforcing them electronically? Do your processes and procedures support what the controls mandate? So, a lot of those would fall into here. But you could easily add compliance at the bottom of that.

Mike Cromwell

Of the items coming up here that we’ll be talking about in the weeks ahead, do you view this as really a foundation?

Brian DeVault

I think it starts here because in order to set out to achieve a goal, we have to know what that goal is. And I think this is where you’re defining that goal. So this is a great place to start. And like I said, there are a lot of templates available out there on the Internet through service providers. I’m going to tell you about another one on our next series of a good resource for one. But there are ways you can do this without having to go hire a lawyer, an author, a document.

Mike Cromwell

If you don’t have this in place today, how long and what’s the process look like to get..

Brian DeVault

To go create that?

Mike Cromwell

Those six items in place? Five, if you’re not in a compliance driven field?

Brian DeVault

I’d say if you have someone that can work on it, say 25% of the time, you could knock these out in a couple of weeks.

Mike Cromwell

And if you don’t have somebody on staff and you want to enlist an MSSP like a Netrio, how quickly can your team help a company put those in place.

Brian DeVault

It’s going to be much more quick than doing it yourself, because we have the templates to use. We’ve got the business experience. We understand how to apply them to different business models. And we’ve got just the background to get the documents created much more quickly.

Mike Cromwell

Excellent. Well, there you go, folks. First episode, diving deep into the elements of the security policy. Next week, we’re going to be talking about end user aspects, which we talked about in the last episode is of these areas, the hottest risk right now. And so we’re look forward to talking to you about that one. So stay tuned. Thanks for tuning in. And if you want to hear more different topics, type it in the comments below. Thanks so much for tuning in. Thanks.

Policies

This is an important subject because it adds a tremendous amount of value to an organization’s posture and it introduces the structure around what businesses say they are going to do and then forces them to follow up on it. You should have an information security policy, data security policy, acceptable use policy, and an electronic systems use policy. You can reach out to your HR team or a business consultant or an MSP to help develop any of these policies that your company may be missing.

An MSP can easily get these documents prepared for your business and ready for you to present to your team. Upon hiring, your employees should read these policies and understand them and be sure to follow through with these practices to ensure your business is in good hands and everyone is on the same page.

Procedures

Every company should have safe procedures that align with your business practice. For instance, if you are an office based business where employees sit at a desk in front of a computer, there should be a procedure for stepping away even for a quick bathroom break. Always make sure your computer or laptop is locked whenever you are not in front of it. You can hit CTRL, ALT, DEL, then hit lock. Make sure the password to unlock isn’t sitting around on a sticky note or anywhere else that is easy to access.

Regardless of the length of your company’s procedure plans, they should prioritize the areas of primary importance to the organization. That might include security for the most sensitive or regulated data, or security to address the causes of prior data breaches. An MSP can help highlight areas to prioritize in the procedures. The procedure plan should also be fairly simple and easy to read. Include technical information in referenced documents, especially if that information requires frequent updating.

Documentation

Everything about how you’re going to deal with data security needs to be written down. Information security documents should have all of your organization’s cybersecurity policies, procedures, guidelines, and standards. These documents should ensure the confidentiality, integrity, and availability of your client and customer data through effective security management practices and controls. These security documents are critical to proactively protect your data while maintaining compliance with both regulatory and customer requirements.

Consistent management of organizational and financial data with efficient information systems is a key to a successful business. The world these days revolves around the internet, which has its own pros and cons. Along with bringing connectivity, it also brings in security challenges to the organizational information. This raises the need to innovate and develop the information systems that are more secure and have no dependency on people and environment. An effective information system documentation will help your business with better planning, decision making and provide your desired results.

Business Continuity & Damage Recovery Plans

Your business continuity plan should focus on defining how your business operations should function under abnormal circumstances during a disaster or emergency. Meanwhile, your disaster recovery plan should focus on getting applications and systems back to normal after a disaster or emergency. Business continuity planning and disaster recovery planning both provide several benefits to your organization like people and property protection, morale boost, improved decision making and risk management.

If damage takes place to your business or if people are harmed, you’ll want to make sure the proper insurance protocol is in place. Make sure you assess your risks and think about what kind of accidents, natural disasters, or lawsuits could damage your business. Find a reputable licensed agent. Commercial insurance agents can help you find policies that match your business needs. A good idea is to reassess every year because, as your business grows, so do your liabilities.

This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on Linkedin and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.

NETRIO
Solutions

Are Managed Services a Good Fit For Your Organization?

How To Create A Great Cybersecurity Posture From An Administrative Perspective

By: Brian DeVault

Policies

Procedures

Documentation

Business Continuity & Damage Recovery Plans

SOLUTIONS

COMPANY

KNOWLEDGEBASE

NETRIOSolutions

Are Managed Services a Good Fit For Your Organization?

How To Create A Great Cybersecurity Posture From An Administrative Perspective

By: Brian DeVault

Policies

Procedures

Documentation

Business Continuity & Damage Recovery Plans

SOLUTIONS

COMPANY

KNOWLEDGEBASE

NETRIO
Solutions