How to Control Cyber Security Threats on a Budget
Recently, I had the pleasure of speaking at Gifford School in Weston, Massachusetts to talk about ‘Cyber Risk Security’. The Massachusetts Association of Approved Private Schools (maaps) put together this presentation and asked that I focus on the most frequent and likely cyber security threats applicable to the private school environment. I presented on those elements as well as the “best bang for your buck” security controls your organization can use to mitigate the risk from those threats, covering both the technical and human aspects of security.
Before an organization can create a secure environment, it is important to understand the basic security facts. Let’s begin with PICNIC – Problem in Chair, Not in Computer. Almost all security issues begin with human error. Computers don’t make mistakes, people do. And while it is impossible for an organization to be 100% secure, your goal is to have enough controls in place to make it not cost-effective for the bad guys to go after you.
Here are some of the most effective controls to help keep your organization secure:
- Backup – With costs of disk space and online backup options plummeting, there is no excuse not to have a backup. Enforce centralized file storage, and back up the bulk of your data locally and your important data securely in the cloud. You MUST test your restore process periodically. If you don’t test it, you don’t have a backup.
- Filtering – Filtering can range from cheap to expensive depending on the level your organization needs. For a basic level, you can set web browser filters. Web browsers have some say over what you can and can’t access. You can set company-wide filters so your employees aren’t able to access malicious sites.
- Password Management – It is important to set good passwords on all of your devices, especially your mobile devices. Use reputable password management tools to help avoid password reuse.
- Security Training – It is crucial that your organization provides frequent security training sessions for employees. This training will improve security culture and reduce the probability of successful malware attacks. Training also improves resilience to social engineering.
- Outsource – Most organizations don’t need to pay for a full-time IT security employee. Outsourcing is very beneficial and can oftentimes be more cost-effective.
These are just a few things that your organization can do to be more secure. If you feel as though your organization is not where you need to be in order to protect your information and data, then it’s time for a conversation with us.