Many small and medium organizations face a daunting challenge when forming a cybersecurity program. Cybersecurity is often viewed as an expensive and time-consuming effort. However, there are some quick ways to begin working on cybersecurity fundamentals no matter the size, budget, or personnel you have available.
First, let’s define what a cybersecurity program is:
Generally, a cybersecurity program is a combination of processes, controls, policies, and plans for the organization around cybersecurity. To develop an effective program, your organization must view cybersecurity holistically. This means that the effort can’t be treated simply as another problem for the IT folks to fix. Instead, the cybersecurity program should encompass the entire organization including senior management and non-technical employees. To put it simply: cybersecurity is everyone’s responsibility.
Your program should also include regular training for everyone. This can take many forms including awareness training, seminars, workshops, or simply sharing cybersecurity news or videos on a regular basis. The key to success is that the training is relevant, engaging, and performed regularly. Forcing your employees to take the same tired online awareness course year after year simply won’t cut it in this day and age! Hackers are constantly changing how they target us, and our training should change too.
Start here:
Beginning a cybersecurity program can seem like a difficult task, with several areas to focus on. You might be asking yourself, where do you start?
The ancient Greek philosophers Socrates and Plato often used the maxim “Know thyself” in their teachings. In terms of a cybersecurity program, knowing thyself means assessing and evaluating your cybersecurity posture. By first assessing your cybersecurity posture, you can then find gaps and prioritize next steps.
Evaluating your cybersecurity posture could start with a professional cybersecurity assessment like the ones offered here at TEEX, with free tools such as the CIS Controls Self Assessment Tool, or with your own simple survey of cybersecurity using another common framework. Whatever you do, ensure that your assessment covers more than the technology itself. Cybersecurity assessments must also examine policies, procedures, and the overall attitude or culture around cybersecurity in your organization.
We’ve created a free guide to help you start or improve your organization’s cybersecurity program. Download the free PDF guide here.
Andrew “AJ” Jarrett is the Applied Cybersecurity Program Manager at The TEEX Cyber Readiness Center where he regularly assists public and private organizations with developing cybersecurity programs. If you are interested in having your organization’s cybersecurity hygiene and risk evaluated holistically, click here to get in touch.