The following was published in the October 15, 2017 editions of Seacoast Online and Fosters.
The title of this column is the theme for this week during National Cyber Security Awareness Month. In my last column, I wrote about National Cyber Security Awareness Month and its importance.
Each week has a different theme and I’ve been blogging about it daily on my blog at www.mjshoer.com.
The fundamental premise of this theme is understanding the NIST Cybersecurity Framework. NIST is the National Institute of Standards and Technology. The Cybersecurity Framework is the closest we have to a national standard for cybersecurity. The framework contains five steps to manage the risk. They are 1. Identify, 2. Protect, 3. Detect, 4. Respond and 5. Recover.
Identify focuses on assessing the cybersecurity risks to your business. Key to this is identifying the “crown jewels” of your business. This is the data associated with your employees, customers and other intellectual property. Identifying and documenting this data is one step. Another is to know where this data is stored and who has access to it. It’s important to consider the principal of least privileged access, only providing access to this data to those employees that require it to do their jobs.
Protect is about safeguarding the digital assets you identified in the first step, Identify. Protection involves securing the network from both external and internal threats. In addition to hardware and software security solutions and services, proper protection also involves training. It’s imperative to make sure your staff is educated about the cyber risk your business faces every day. Another key concept of protection is cyber hygiene. This encompasses using strong passwords, not reusing passwords, using multifactor authentication and more.
Detect is about knowing if you have a problem as quickly as possible. If you have been reading about many of the recent high profile data breaches, you know that many of them had vulnerabilities that existed for months before the company became aware. To properly detect these vulnerabilities you need to understand the threats that apply to your business. You also need to have the right tools and services to detect these threats and having appropriately skilled personnel who can interpret the warning signs.
Respond is all about how you address a threat when you detect it. In today’s world, even with appropriate controls in place, incidents still happen. When they do, you need a well thought out plan to respond to it. This includes resolving the incident as quickly as possible, identifying what data has been impacted and keeping the business functional throughout the incident. Having a well thought out communication plan is critical. It should include notifications to employees, customers and the public, including who is authorized to communicate with these audiences. Finally, you need to know if you are covered by any laws and reporting requirements related to this type of incident.
Recover is the last step in the Framework. Recovery follows the incident response and also requires a well thought out plan. Recovery is about understanding what lead to the incident and preventing a recurrence. However, recovery goes well beyond these obvious steps. It involves making sure you have the right cyber education plan for your employees and implementing the right monitoring and metrics to measure your cybersecurity posture to ensure that your business maintains a cyber-aware culture to keep your digital “crown jewels” safe.
There are excellent resources available online to help you protect your business. Visit www.staysafeonline.org and www.stopthinkconnect.org and take advantage of the wealth of free resources available to help you get started. Be cyber-aware and help protect your business.