Building a Cyber Defence Strategy – It is not as Difficult as You Might Think it is…
Many newsletters I’ve written are not about new or revolutionary Security ideas. Passwords are a topic I touch on fairly often and the advice I give is much the same as other experts in the Computer Security field. Ransomware is another common subject. Again, the things I’m saying are the same ones other people are saying (it’s good advice and I hope I present it in a useful manner.) So, this week I figured I would talk about another bit of advice. For any organization that actually cares about their Electronic Security, this is vital.
What I’m writing about is coming up with a “Cyber Defence Strategy” for your outfit. This phrase gets thrown around a lot, but what does it actually mean? Well, simply put, you need to come up with a useful plan, in order to coordinate your defences. Putting in Antivirus and a Firewall is not a plan; that is normal.
Hence, the big question is: How do you go about coming up with a “Strategy”? It’s not complicated, but it does involve a bit of work. Now it’s worth mentioning that a lot of places outsource some, or all, of their IT to an MSP (Managed Service Provider.) TRINUS is an MSP. Thus, what I will do is try and put the various parts of this plan into perspective, in terms of responsibility. Essentially speaking, it is not the obligation of your MSP to come up with a plan for you; it’s your organization’s duty. However, if you don’t have an in-house IT person, you will likely need input from your IT provider, to receive useful information.
Step 1) – What important information does your organization keep records of? By “important”, I mean a few things:
Anything that is needed to actually run your business. I’m talking about things like purchase records, employee details, customer information, that sort of thing. When you come up with this plan, you will need to know all aspects of your business, so do make sure that you speak to the managers in every department, in order to get a complete picture of the sort of information that each department needs in order to function properly.
Anything that could be considered a “trade secret” or “intellectual property.” This sort of information is important, because it belongs to the organization. Losing it could result in damage to the company’s business (since competitors could get their hands on it.)
Anything that the organization could get in trouble for, if it were to get out. I’m talking about data that is subject to regulations, like Healthcare data, Personally Identifiable Information, that kind of stuff. Every company in Alberta should be familiar with PIPA and what it covers, since it applies to every outfit that operates in this province.
Step 2) – Identify how this important information is currently being stored and protected.
Look at everywhere you’re storing important information and documents. Maybe it’s receipts for bill payments, or tax records. Whatever it is that’s important to the organization, figure out what you are doing to protect it. This includes any and all policies, procedures or measures that you have in place to safeguard this information. The purpose of these two steps is so that you understand what important information you’re storing, how you are storing it, and what you are doing to protect it.
Step 3) – Find additional, reasonable, means of protecting this information.
There’s always more you ‘could’ be doing, but budgets and time are both finite. At this point you should have a complete picture of your defences, so it’s time to find weaknesses and address them. If you have important paper documents, then you need to find ways of keeping them safe. If you can’t think of how to do that, find someone who’s got more experience in that area and ask them. If the information is stored on a computer, then you need to talk to someone who has the knowledge to find ways of safeguarding it.
This is how you develop a Cyber Security Defence Strategy. You identify what important information you are keeping, how you are protecting it, and what you can do to shield it better. What you need to do depends on what you want, and need, to protect, as well as what you’re currently doing to protect it. An MSP can’t tell what on your computers is important, but they can help you better protect it. It’s important to document along the way, so that you have a record of what you found that was important and the decisions that were made.
To once again quote William Shakespeare, this time from “Love’s Labour’s Lost”, Act V, Scene II: “Muster your wits. Stand in your own defence or hide your heads like cowards and fly in your own defence.”
If you have questions about Monitoring Your Computer Equipment, please reach out to your TRINUS Account Manager for stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.