Although every month (and week and day) at Kimmell Cybersecurity is Cybersecurity Awareness Month, the federal government declares every October National Cybersecurity Awareness Month (NCSAM) and sends out a series of guidelines to help businesses secure their data.
The Department of Homeland Security has said NCSAM “[…] is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”
Here are your government’s 9 tips for increasing your business’s cybersecurity, slightly rearranged, all of which Kimmell Cybersecurity is prepared to help your business carry out:
First: implement an information security management system. A proper ISMS will include all policies, procedures, guidelines, resources, personnel, equipment, and everything else that is designed to protect your company’s data.
Next, run a data awareness inventory that is designed from the cybersecurity point of view, called an information security risk profile or information security audit. This is an activity that Kimmell Cybersecurity is exceptional at, and will always form the basis of any cybersecurity program. Every company is different, and has different security needs. You need a real pro to assess your security needs.
Third, implement five basic security controls. These are:
- Firewalls and internet gateways
- Secure system configuration
- Control of access to the system
- Malware protection
- Patch/upgrade awareness and management
Four: Train, train, train, test, and train and test some more. Make cybersecurity a matter of employee habit.
Five: In reference to the above, implement a system of personal accountability for breaches of cybersecurity protocols. Reduce that system to writing and post it next to every computer.
Six: Beyond limiting system access, also limit physical access. Physically restrict who can reach the system’s hardware, including all desktops, phones, laptops, tablets, etc. If you haven’t gone completely paperless yet, or keep paper backups, make sure those are secured and access to them is limited. Once a physical document is scanned into the system, have a definitive process for destroying it.
Seven: Have an incident reporting procedure and train employees on it. There are federal laws that require information breaches to be reported in a certain way. Make sure that this is part of the company DNA.
Eight: Have a definitive business continuity plan for a breach that wipes out the company data, or for an emergency like a flood or fire. This includes data backup, both in the cloud and, possibly, on physical media, as well as, potentially, alternative office space to use during a disaster.
Nine: Obtain ISO 27001 certification, the information security management standard. It may or may not prevent a breach, but it falls under “best practices” and may mitigate lawsuit damages (maybe—not giving legal advice here).
And ten—get to these thresholds by employing a dedicated cybersecurity firm—say Kimmell Cybersecurity—to handle all of this for you.
Better safe than sued and out of business!