It has become abundantly clear that some members of the management team simply do not know enough about cybersecurity and that their Chief Information Officers and Chief Information Security Officers do not always provide them with an accurate portrait of the cyber risks which their company is facing every day. Other executives appear to be suffering from a “knowing” versus “doing” gap.
Learn about the top 10 things you should do about cybersecurity.
Ten Things Management Should Do about Cybersecurity
- Ensure everyone in the organization, from the top down, receives appropriate cybersecurity education and awareness training.
- Hire an independent company to conduct a cyber risk assessment (SOC for Cybersecurity) against government regulatory compliance requirements and industry standards to identify potential gaps in your company’s information security policies, processes, plans, and procedures. Learn about Hancock Askew’s Cybersecurity services.
- Verify that periodic penetration testing by certified Ethical Hackers is being conducted to identify potential cybersecurity vulnerabilities in your organization’s information systems.
- Require that your Information Technology team implement a timely and effective software patch management program to mitigate known security vulnerabilities as quickly as possible.
- Ensure the organization has 24/7/365 monitoring, detection, and response capabilities for its information systems.
- Verify the organization has an appropriate cyber breach incident response plan, including the policy and procedures related to ransomware attacks.
- Hire an independent firm to conduct a cyber liability insurance coverage adequacy evaluation.
- Establish information security key performance indicators (e.g., number of cyber-attacks, number of data breaches, network uptime, network downtime, cost of cyber breaches, cost of cyber insurance, cost of information security as a percentage of total company IT cost).
- Ensure your company has well-documented and periodically tested disaster recovery and business continuity plans to quickly recover lost or stolen data and mitigate the potential damage of cyber breaches.
- Mandate additional layers of information security via encryption, multi-factor authentication, and highly restricted access to your company’s most valuable information assets.
From our consulting experience and research, we understand that many executives are well aware of the cyber risks, but for one or more reasons, often short-term financially motivated, they are choosing not to do what needs to be done in order to reduce the probability and/or impact of a cyber breach in their organizations. Contact our team of experts to learn how we can work together to prevent cybersecurity issues.