Practical Approach to Developing a Cyber Risk Strategy

by Katherine Bodendorfer

At stadiums and train stations, there are often signs warning people to watch their step on the steep staircase or stepping over gaps on the platforms. Companies should consider a similar approach regarding the gaps in security. Risks to your revenue and reputation expand when sensitive information or online transactions are not provided basic protection.

Today all companies and organizations need to identify their key cyber risks and put foundational best-practices in place. Kicking off a cybersecurity policy that addresses risks and action plan should start with some of the following in mind.  

What is Cyber Risk?

Cyber risk is defined as any kind of risk to finances, reputation or information technology systems of an organization as a result of cyber threats. Such risk result from a lack of end to end visibility of an environments, overdependence on third-party consultants, errors from traditional technologies, and increasing data challenges.

To address risks, cybersecurity policies are created to help formulate a strategy. Such strategies can range in size from a single page to several documents and can cover anything from physical security, to data security, to IT business practices.  It assesses the relative value of your data assets and online communications that are critical to your business. Some of the typical issues covered include:

-handling and storage of critical data

-guidelines for acceptable use of devices and online use

-clarifying what information can be shared

-assigning decision making and active roles in the case of an event

Where to start?

Ensure your company is operating within the law of the state where you operate or do business. This includes keeping up with data security laws. The National Conference of State Legislatures provides a general comparative overview of some these laws.

With the rising cost of data breaches, small companies are in particular peril of facing a potentially business-ending event. User behavior, or employee activity within a network, is consistently ranked as one of the highest risks to your organization’s security posture:

  1. Describe how to detect phishing and other scams and how to report incidents.
  2. Review password requirements, including how to develop a unique password, how to store it correctly, and how often they should be updated.
  3. Explain how to handle email attachments, and how to engage with outside emails. Require that devices and screens must be locked down when left unattended.
  4. Outline which systems are the most critical to your infrastructure and ensure you identify who is in charge of protecting those system.
  5. Include what kind of program to implement (i.e., a layered approach in which endpoints are protected by antivirus, firewall, and anti-malware software).
  6. Include a section that explains how to back up data, apply updates and patches, and how to report lost or stolen devices.

Through all of this, employees must take an active role. A robust policy can help get buy-in from the top-down, which will help obtain your cyber security plan objectives.

Other Helpful Resources:

-Prepare a cybersecurity incident response management plan

-Security Guide: Keeping Your Business Safe Online and Off

-Information Security Policy Templates

-Cybersecurity Policy Handbook 

To seek further help, contact a WhiteHawk specialist today and we can help point you in the right direction to creating a cybersecurity strategy that addresses risks, is robust, easy to understand and affordable to implement.

 

Recommended Posts
WhiteHawk

Our virtual magazine, with one pagers on each company/solution is consistently formatted so you or your team can easily review them and find…

The Cyber Wire

See Rick Howard discuss the concept of cybersecurity first principles and use this to your advantage in building your…

Malachi Walker

Applying artificial intelligence in our everyday lives necessitates a perspective on how we are educating and learning about its capabilities.