Three Steps to Taking Control of Cyber Risk

At the end of each year the Internet is flooded with cyber crime predictions and trends for the year ahead. The general theme remains the same each year – cyber security attacks are on the rise, but companies and consumers are failing to keep up.

For many organizations this means a lot of boardroom handwringing. At Corax we’ve identified three key steps that all businesses should undertake in order to help them prevent and prepare for a cyber attack.

Step one – Get to grips with your security

  • Make an asset inventory and allocate asset owners. This will help you identify the key assets in your business and establish who is responsible for their maintenance and security.
  • Evaluate and document every asset in terms of its function i.e. what data it stores, who has access to it, how business critical the asset is, and what security mechanisms are currently in place to protect it.
  • Derive and implement appropriate security controls where they are not currently in place.

Step two – Create an incident response plan

Irrespective of how robust your security is, an incident response plan is essential. With the right policies, procedures and communications in place you can do a lot to minimize loss and damage.

  • Create an incident response procedure that is appropriate to your organization’s size and maturity. You might consider drafting different response plans for different types of critical assets.
  • Establish a cyber incident response team (CIRT) and make sure they understand their individual roles within your incident response plan. Note – your CIRT should include legal, PR and upper level management, as well as technical staff.
  • It is essential that you manage communications seamlessly. Consider appointing a communications manager within the your CIRT to be a conduit for all communication.
  • Create a centralized communications platform that everyone in your CIRT can access and thoroughly document as you go.

Step three – Communicate responsibility at all levels

Not everyone in your organization has to worry about encryption, disaster recovery, or network segmentation in their day-to-day duties, but every individual does have some part to play keeping your company secure.

  • Make sure everyone in the organization understands the level of exposure that their particular role carries.
  • Provide appropriate training to fill any skill gaps.
  • Benchmark performance and monitor for improvements in security awareness.
  • Incentivize teams for good security performance.

Unfortunately the threat of a cyber attack on your business is very real. Prevention and preparation needs to be a fundamental part of every business strategy and top of every boardroom agenda. If you’d like more information on cyber security or Corax’s Software as a Service (SaaS) security operations, analysis and reporting tool, get in touch today.