Security—where do I start?!
Oh, man. Security. Where do we start? Despite all the hacks and attacks we read about weekly, how many of us use this topic to practice our procrastination skills? Nothing encourages the “I’ll do it next year” attitude like not knowing where to start. “Do I actually need a password policy? Is it necessary to use Multi-Factor Authentication? My budget isn’t very big; should I start with a backup plan or an incident response plan? I barely even know what these things are!”
Don’t panic. There is a method to this madness. Every company, no matter how small the budget, can have an effective physical and cybersecurity strategy using these 3 simple steps.
Step 1: Identify Your Assets
The first step to creating a tightly focused, effective security strategy is to identify your most important assets. What are you trying to protect? For schools, the most important asset is the students, so schools will put most of their effort into securing their students’ physical and emotional safety. For a hospital, the most important things to protect might be life-support technology and patient records. Important side note: certain industries are regulated by state and federal laws. It is critical to know what your legal obligations are to protect your clients’ personal information and safety. These laws will help you decide what is important for you to protect.
Step 2: Identify Your Threats
Now we need to brainstorm the biggest threats to those assets. What threatens a student’s emotional and physical safety? You might come up with misuse of computers, bullying, and active shooters. A hospital would identify technology failure and malicious hackers. If you are located along a coastline, you might identify a hurricane as a threat.
Step 3: Identify the Impact and Likelihood
The last part of creating a focused security strategy is to determine the impact the threat could have and the likelihood that a threat will actually harm an asset. A hurricane would have an incredibly high impact on an organization. But if the organization is located in Arizona, the likelihood of a hurricane is, well…zero. A ransomware attack would have a pretty high impact on an organization (shout out to Flagstaff), especially if they didn’t have a backup strategy. Since ransomware attacks are happening quite frequently (quite frequently, as in, one every 14 seconds), it’s safe to say the likelihood of this happening to anyone is high. Since the impact is high, the likelihood is high, and the asset is critical (computers and the sensitive data they store), this is a high risk. Now we can say with all certainty that ransomware protection would be a good first item in your security strategy!
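Here is a small risk register that runs the three steps over the threats mentioned above. It is an added illustration, not part of the original post. The 0-3 scale, the multiplication, and the rating thresholds are assumptions of this example.

```python
from dataclasses import dataclass, replace

# Assumed ordinal scale; the article only uses words such as "high" and "zero".
LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    criticality: str  # Step 1: how much the asset matters
    impact: str       # Step 3: damage if the threat lands
    likelihood: str   # Step 3: chance it actually happens

    def score(self) -> int:
        # Multiplying lets a likelihood of "none" zero the risk,
        # however severe the impact would be.
        return (LEVELS[self.criticality] * LEVELS[self.impact]
                * LEVELS[self.likelihood])


def rating(score: int) -> str:
    # Constructed thresholds on the 0..27 scale.
    if score == 0:
        return "none"
    return "high" if score >= 18 else "medium" if score >= 6 else "low"


def prioritise(register):
    """Order risks from most to least urgent."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


def rescore(risk, **changes):
    """Copy a risk with new ratings, e.g. after adding a control."""
    return replace(risk, **changes)


# Constructed register for an Arizona organization, using the article's threats.
DATA = "computers and sensitive data"
REGISTER = [
    Risk(DATA, "hurricane", "high", "high", "none"),
    Risk(DATA, "ransomware", "high", "high", "high"),
    Risk(DATA, "technology failure", "high", "medium", "medium"),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.score():>2}  {rating(r.score()):<6}  {r.threat} -> {r.asset}")
```

Calling rescore(risk, impact="medium") after you add a control, such as a backup strategy, shows how far that one change moves an item down the list.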
If you follow these steps, you will be well on your way to creating a well-informed security strategy. You don’t have to walk around blind, wondering where to start. What a sweet relief!
If you’re interested in us doing this process for you, give us a ring at 602-445-6101 or email Jim to set up a time to talk and learn more.