Cybersecurity First Aid Kit: Four Steps to Recognize, React and Recover from a Breach

CBIZ & Mayer Hoffman McCann PC

Description

Vendor security practices need to be considered during the routine cyber risk assessment as well. Companies often share information with their vendors and third parties electronically, and this exchange has been shown to be vulnerable to cybersecurity incidents. When meeting with a new vendor or third party, companies should include that vendor’s cybersecurity protocols in the conversation. If a vendor’s cybersecurity approach is not well-developed, then data exchanged with that vendor are more vulnerable to risk. The company should consider implementing controls to compensate. Social engineering exercises are also recommended. In many cases, companies’ weakest security link is protection against internal threats.

An organization’s cybersecurity awareness can help reduce the threat of someone within the organization accidentally or intentionally allowing unauthorized access to valuable information. Employees at all levels should be aware of some of the common unauthorized entry points to the organization’s electronic data and what they can do to prevent a breach from occurring.

The Best Defense is a Good Offense

The current environment indicates that companies should not consider unauthorized access to data an “if”; rather, they should approach it as a “when.” Having a proactive, robust plan in place can help minimize the potential damage from a breach and get your organization back on track more quickly in the wake of a disruptive event. Don’t go at it alone.

Five Ways to Be Proactive with Cybersecurity

1. Accept that security will be compromised
2. Consider cyberliability in all activities
3. Focus on critical information assets
4. Be prepared to respond
5. Get the basics right

Once the primary vulnerabilities and risks have been ranked, companies need to implement robust control activities to ensure that the organization operates as it should and high-value data are protected. Cybersecurity-related activities should include logical/physical access controls, change management procedures, network monitoring, vulnerability assessments and penetration testing, mobile device strategy, incident response planning, anti-virus monitoring and user training. The more control activities in place, the more likely it is that risks will be mitigated.

1-866-956-1983 • www.cbiz.com/cybersecurity @CBZ company/cbiz

© Copyright 2016. CBIZ, Inc. NYSE Listed: CBZ. All rights reserved.