The calendar has flipped, and the new year is full of resolutions and predictions. Missing, perhaps, is actionable guidance that you can follow on your own to navigate the concerns surrounding AI automation and international cyber threats. Cybersecurity is a fundamental matter, and the basics are well within our control. For example, the conscious use of Multifactor Authentication (MFA) prevents most instances of unwanted access to critical applications, and ignoring suspicious emails thwarts 9 out of 10 ransomware attempts.
In that vein, let's set aside the predictions of wild exploits and hacking monsters under the proverbial computer beds and count down to a better 2024 with a few obtainable goals that will greatly improve your posture, assist in your awareness of your systems and controls, and most importantly, can be done on your own.
Create a simple inventory of your information systems. This System Map should include your hardware (servers, desktops, laptops, printers, etc.), software (the applications you use to pursue your strategies and deliver services), and vendors (those you pay for the acquisition and use of those systems). Please feel free to email info@pelican3.net if you would like to be sent an example of what a System Map looks like.
Understand who has access to your systems. Establishing an access protocol of Least Privilege will ensure that people have access to what they need and nothing more. Breaches expand very quickly using access rights that are too broad, opening entry paths to more systems.
Now that you know what systems you have and who has access, document the data assets that are critical to your success or represent significant liabilities if lost, and where you expect them to be stored.
Insure the above assets at a level determined by a comprehensive conversation with your insurance agent. It's very important to include:
What do you want to be insured, and what policies apply to that event (system repair, lost revenue, client notification, incident response, legal representation, data recovery)?
How much can you afford out of pocket before it materially impacts your performance and causes you to consider closing your doors?
Create two systems: one that has your sensitive data and one that has everything else. This can be done with policy and training and ranges from easy to complex. Not fully inclusive, but a good example of each:
Easy: Do not store information on your desktop or laptop hard drive. All your data should reside in the cloud (O365, Google, AWS, etc.). A loss of your hardware will not necessarily lead to a breach (assuming passwords are used properly and access rights are controlled). Encrypt your devices. Most devices allow this without additional expenditure.
Complex: Using firewalls and routers, along with data governance tools, identify your relevant data and restrict it to specific people/hardware/servers/applications. Spend the majority of your time and focus on securing this environment.
At Pelican3, we are not only a consulting and results-oriented firm; we are also teachers and advisors. If we can help you step into 2024 with a better understanding of what you can do for yourself, our entire business community will be better than it was in 2023.