Tennis player Arthur Ashe once said, “Start where you are. Use what you have. Do what you can.” Adopting this mindset is key to securing your business.
As a business owner or stakeholder, you know that cybersecurity is an important part of protecting your business to keep it running. But when it comes to taking steps to secure your business, you may not know where to start or what to do. This blog post will provide you with some guidelines to help you increase your cybersecurity posture, no matter where you are starting from.
Start Where You Are: Assessing Your Current Cybersecurity Posture
When it comes to cybersecurity, it’s important to start where you are. That means assessing your current cybersecurity posture and understanding the risks you face. You can do this by conducting a security assessment of your systems and networks. The assessment should cover your current security policies, procedures, and technologies, including a complete inventory of all assets, operating systems, and applications. It should also identify any vulnerabilities or weaknesses that could be exploited by malicious actors.
Once you have a better understanding of your current security posture, you can begin to identify areas where you need to improve. For example, the assessment may show vulnerabilities related to unsupported or misconfigured operating systems or applications. Now that you are aware these exist, you can take measures to eliminate or reduce the risk these vulnerabilities pose.
Use What You Have: Leveraging Existing Products and Tools
Once you have identified areas where you need to improve your security posture, you can leverage existing products and tools to harden your systems and networks. A good starting point is to refer to vendor best practices or third-party guidelines like the Center for Internet Security (CIS) benchmarks. These will show how to implement good security practices by hardening configurations and explain why these changes should be made. For example, you may have now discovered that Active Directory is susceptible to attack because best practices haven’t been followed. Now that you are aware, you can take steps to implement best practices by utilizing the tools you already have available and following vendor guidance.
Here are some ideas on other ways to use what you have to increase your company’s cybersecurity posture:
- Ensure that endpoint protection is installed and properly configured on all assets
- Upgrade and patch operating systems
- Implement a strong password policy
- Segment networks with firewalls or access control lists
- Enforce MFA on all systems that support it
- Use tools provided by the vendor – for example, if using M365, utilize Microsoft Secure Score
- Review system health and logs regularly
- Ensure backups are working correctly and meet business requirements for recovery needs
Do What You Can: Implementing Additional Security Measures
Once you have assessed your current security posture and leveraged existing products and tools, you can start planning to implement additional security measures. This could include implementing multi-factor authentication, encrypting data at rest, adding email security, or educating users on cybersecurity awareness.
Now is also a great time to learn more about cybersecurity to help understand the risks and potential impacts your business could face during a cybersecurity event. There are tons of free resources including podcasts like Darknet Diaries, YouTube channels such as SANS Institute, and conferences like Keller Schroeder’s next Technology Vendor Summit in 2023!
By taking the time to assess your current security posture, leverage existing products and tools, and implement additional security measures, you can help to ensure that your systems and networks are secure and protected from malicious actors. If you’d like to discuss any of these suggestions in more detail or to see how Keller Schroeder can help you on your cybersecurity journey, please feel free to contact us!