October is Cybersecurity Awareness Month. During awareness month, your email inbox fills with messages related to Cybersecurity. Reviewing the emails and reading blogs like this one are a good start, but passive participation is not enough.
For 2020, the focus of the month is #BeCyberSmart. This hashtag is a call to action for all. For business owners and individuals alike, this is a time to put a plan in motion to identify, evaluate, and secure your data.
If you or your company has a well-defined security program, take time to review policies, update your risk analysis, and review systems to ensure you are mitigating today's risks. October is also an excellent time to focus on user training and tabletop exercises to ensure staff knows how to respond to an incident.
For companies and individuals that are more reactive, it is time to stop reading and start acting. The first steps to a successful cybersecurity program are not complicated and will help get the program rolling.
Assemble leadership and start a conversation on the importance of Cybersecurity.
Identify an owner for your cybersecurity program.
Generate an inventory of the hardware.
Include network hardware (routers, switches)
Include computers (laptops, desktops, tablets)
Generate a software inventory and software you use.
Include device software, including operating systems and productivity software.
Include hosted, online software solutions
Generate an inventory of all the data your company owns. Use a spreadsheet to track the types of information you store and where you collect it. Remember to include analytics, data from emails, and databases.
Set up a call with a cybersecurity specialist to guide you on your journey. The specialist will work to review inventories, identify risk, and propose mitigations.
As you venture down the journey, remember that there is no single solution. Each company has different goals, data, and budgets. A successful security consultant and the program will take your needs into account.