Strong cyber-security involves many overlapping systems. Each system relies on the others for added strength but can also stand alone. Deploying a full set of Critical Security Controls (CSC) is often an expensive and time-consuming undertaking.
What can an IT manager with a limited budget and manpower do?
For a moment, I’ll neglect the obvious firewall and user training components. Below is my priority list for first steps in securing your company infrastructure:
1. Application whitelisting
2. Use of standard, secure system configurations
3. Patch application software
4. Patch system software
5. Reduced number of users with administrative privileges
Need help? Tracc Development, Inc. will work with you to develop a strategy to achieve a stronger cyber-security posture.
According to a recent article in The Hill by Morgan Chalfant, “…roughly three-quarters of business owners said that they believe their businesses are unlikely to be affected by a cyber-attack.”
This begs the question: Why do you think that way?
We fly under the radar
It takes about an hour to scan all Internet addresses. All 3.7 billion of them! So, assuming there are only 3600 hackers out there (trust me, there are more) that means you will be found in a matter of seconds! Obscurity is not really a great defensive strategy.
We don’t have any useful information
I hear this one a lot and usually it’s not true. Did you know that California has stricter notification requirements than the federal government? Some organizations have legal reporting requirements if name, address, and phone number are compromised. Do you have a client or customer list anywhere? Do you keep credit card information for customers?
We use SaaS providers so security is their problem.
First of all, there are security holes in some of the largest cloud-based solutions out there, and an analysis of risk for each tool is a subject for future articles. The fact is that user behavior is probably your biggest weak point. How well is your staff trained, and how often? An analysis of a common cloud-based file share showed that over 15% of files in the cloud contained sensitive information like credit cards, company salary information, password files, etc.
Cyber-security is a serious problem that requires serious attention from business leaders. If you think you have good security, find a cyber-security expert to come in and test things. You will likely be surprised (and probably embarrassed) by what they find.
These sorts of initiatives are very helpful. Many of the nation's key industries have industry-specific groups like this that are very helpful. I'm following this to see if it turns into something that small to mid-sized businesses can benefit from.