With the significant spikes in cyber-related attacks this past year, many executives think that you need to spend more money on IT solutions in order to become more secure. This perspective is reinforced by the increasing number of IT security providers that leverage incidents covered in the media to sell more of their products and services.
Most of the tools and services available on the market today are valuable. However, spending more money on a variety of solutions does not necessarily mean you will achieve significant results. In fact, having fewer tools in your tool chest could actually make your organization more secure!
Regardless of the variety of advanced security-related tools on the market today, a number of fundamental practices need to be in place to ensure your organization’s tools and services have their intended impact:
- Asset Management Practices – Knowing exactly what IT components you have is the most fundamental element for cyber security readiness. You need to have an updated document of all hardware, software, and IT components, including important details such as latest builds, versions, patches, and serial numbers.
- Policies & Procedures – It’s crucial to have an updated set of acceptable IT policies and procedures for employees and vendors, as well as applicable business continuity and incident response plans that are tested and tweaked periodically.
- Employee Training & Validation – Training employees on the latest policies and procedures and keeping them aware of recent industry threats are important elements of maintaining good cyber hygiene.
- User Accounts & Access Controls – Ensure inactive user accounts have been removed from your systems, and establish proper user access controls using the “Principle of Least Privilege,” meaning that users should only be able to access the systems, devices, or application features that are absolutely necessary in support of their work.
- IT Management Practices – Standardizing your IT systems (such as the brand and model of your machines), committing to planned hardware upgrades once every few years, and updating software applications regularly will reduce your overall IT expenditures. This will also allow you to avoid using older and unsupported system components, which will significantly reduce your cyber-related risks.
Organizations that focus heavily on addressing the above factors end up in a much better cyber-ready state than those that implement many advanced tools but lack excellence in these areas. When these fundamentals have been addressed, additional tools and services – when selected with care and proper due diligence – can enhance an organization’s cyber readiness and place it in the “highly prepared” category, a designation that the majority of today’s organizations are striving to achieve.
Sassan S. Hejazi can be reached at Email or 215.441.4600.