Cybersecurity Management: Top Priorities You Need to Know

Top cybersecurity management priorities for CIOs in 2021

In today’s business world, there is no way any significant business could function without a CIO. The issues that kept CIOs awake at night 40 years ago are dramatically different from those that keep present-day CIOs awake. Way at the top of that insomnia-inducing list is cybersecurity management.

There are many priorities when it comes to cybersecurity management. We sat down with our CIO, Philip Rogers, to discuss the top priorities that fellow CIOs need to be aware of as they pertain to people, processes and technology.

People

Q: What are the top cybersecurity priorities when it comes to managing people?

Rogers: Keeping people informed of what is going on is a key priority. It’s a constant struggle to make sure that the user bases are sufficiently educated. Threats change. There are always potential new threats and threat vectors.

Q: Why is this so critical?

Rogers: Traditionally, the threat that people are most worried about when it comes to the workplace is phishing, where a message that comes in puts a nefarious link out there – when people click on it, it sends them to a bad place that does bad things. That is something that people have become more and more aware of over the last decade or so – which is great. However, there are way more threats out there. They are constantly updating. We could have the absolute worst security bug that has been seen in years come in tomorrow, and we need to ensure that people are taking it seriously when it does.

Q: What are the risks when security is not taken seriously?

Rogers: Strangely, the biggest risk is false confidence of the user base. How many times have I heard, “Don’t worry, we’ve got the best IT folks, so I’m sure they would have caught this” before a cyberthreat gets through. Cybersecurity is not handled by some magical fix in the background. It is an ongoing process that continually needs to be updated and modified. This false sense of confidence (say, because someone attended a security class 3 years ago) is actually more problematic than if somebody was just completely oblivious.

Q: Any final thoughts on cybersecurity management with regard to managing people?

Rogers: Have you heard that old joke in politics: “It’s not the crime; it’s the cover up”? The same thing is true with cybersecurity. You’ll have that moment when somebody clicks on something, and then it is immediately obvious that they should not have done so, and in typical human-nature form, they just wish it away. They start closing things down. Maybe they turn off their laptop. That doesn’t help. Tell us when something happens – it’s okay, you’re not going to get fired for clicking on something. However, someone could potentially get fired if they clicked on something inappropriate, then turned the laptop off and went home and didn’t tell anybody for two weeks. Let us know, and let us know right away, so we can fix it.

Processes

Q: What are the top cybersecurity priorities when it comes to managing processes?

Rogers: Making sure that cybersecurity is included in discussions around business processes as early as possible. Making sure that when documenting processes, there is a section that allows for IT security.

Q: How often should processes be reviewed?

Rogers: If somebody documents a business process, and then doesn’t look at it for 7 years, that is not a documented business process. A documented and managed process is something that lives, breathes, changes and is looked at differently over the course of the entire lifecycle of that process.

Q: How does cybersecurity factor into process development?

Rogers: Organizations need to make sure that IT security is one of the questions being asked from the get-go. As the process grows and develops, as it expands or contracts, does this expose us to different security threats? Does this reduce some security threats? Should we be looking in different places? Should we be doing different things? Should we be using different software?

Technology

Q: What are the top cybersecurity priorities when it comes to managing technology?

Rogers: Humans are the weak point. That’s always going to be the case. The other aspect to managing technology is to be aware of change. When things change, that’s when gaps get exposed. Make sure that you’ve got the proper cybersecurity toolkit available to you.

Q: What should be in this cybersecurity toolkit?

Rogers: Cybersecurity is a mindset. It’s an understanding of what’s going on. It might include tools, like anti-virus or endpoint protection or log-monitoring software – things like that. Make sure you have a solid understanding of the tools and constantly be evaluating those tools. Just because something is the right solution for a company today doesn’t necessarily mean it will be the right solution later on. The same thing goes for relationships. You might have a very strong partnership for an organization that’s able to handle and provide services for you when you’re smaller, but they can’t necessarily grow with you. When it comes to cybersecurity, all of the components of your solution need to morph over time with you.

Contact Protocol Networks to Get the Best Cybersecurity Management in New England

The team of experts at Protocol Networks understands just how rapidly and drastically technology is changing. Founded in 2000 with just two employees serving the Rhode Island market, today Protocol Networks holds a spot on the Inc. 5000 list of fastest growing companies and supports organizations globally. Protocol Networks knows IT consulting. Let’s connect today to see how Protocol Networks can support your cybersecurity management needs.

Securing a Remote World

Amid the pandemic, organizations like yours have been forced to shift teams over to a remote working model. Work-from-home (WFH) has meant continuity and stability this last year. But it’s also had a profound impact on digital security. According to a recent Malwarebytes report, 20% of businesses have faced a security breach that’s directly attributable to working from home.

This is big: it’s a challenge we’re all going to continue to face through 2021. WFH is here to stay and so are the security threats it creates. Over the next 5 years, organizations worldwide are expected to lose up to $10.5 trillion to cybercriminals. With WFH spanning into the long term, a big chunk of that risk is coming from your workforce. What can you do to reduce this threat and take back control of your WFH cybersecurity? 

Work-from-Home Isn’t the Same as Work-from-Anywhere – It’s Time for a Rethink

Over the past decade, the world’s gradually been moving towards a work-from-anywhere model, thanks to faster, more reliable internet access, a host of new collaboration tools and changing personal priorities. Work-from-anywhere was an endpoint we were building towards, through SharePoint, Teams and video conferencing. 

WFH resembles work-from-anywhere, but it’s not the same thing. Between the pandemic, lockdowns and immense uncertainty, organizations across the world were forced to cobble together a work-from-home strategy with little warning and next to no time to prepare. WFH is, in many ways, a preview of work-from-anywhere, but without the solid foundation and best practices to keep you secure.

Security: the key difference

The biggest point of departure between work-from-home and work-from-anywhere is in terms of security. In the future, work-from-anywhere will likely be backed by universal, AI-based security protocols that ensure data safety, regardless of the network or device you’re using.

Right now, though, work-from-home means that your team members often use unsecured devices on unsecured networks, leaving your organization wide open to hackers. How do you ensure robust work-from-home security in the here and now? It’s time for a rethink.

Back to the Basics: Rethinking Your WFH Security 

There’s a massive gap between your security posture in-office and the security of your work-from-home environments. What can you do to bridge that gap? You need to go back to the basics by adapting the fundamentals of your in-office security to work-from-home environments. You’ll also need to rethink approaches to your post-COVID workforce.

Leveraging MFA and IAM

From a security and policy perspective, there is a lot you can do: enabling MFA (multi-factor authentication) is a great way to get started. MFA ensures that, even if some credentials are compromised, an extra layer of verification lies between your team members and sensitive data and apps. 

You’ll also want to ensure strict IAM (identity and access management) policies through Active Directory or other solutions. This will help guarantee that your team members always have precisely the access to sensitive data and applications that they need to get the job done. This brings us to rethinking your approach to an evolving, post-COVID workforce.

WFH Security and Your Team

The current pandemic situation is a shared experience. Everyone – you, your clients and your team – is going through this unprecedented situation. This means that the things your team members do and, just as important, how they feel can have a tangible impact on your business outcomes.

WFH is a less monitored environment than your office. It’s not just oversight that’s missing, it’s interpersonal relationships – that trust and rapport your team builds around the water cooler. When that’s no longer part of the equation, you need to rethink your approach to the workforce to ensure productivity and security.

HUMINT and threats from within

When working from home, your team is subject to a whole range of HUMINT (human intelligence)-based attacks. Phishing, vishing and smishing are just the tip of the iceberg here. Creative cybercriminals will leverage the “weakest link” factor to extract passwords and sensitive data from your team when they’re at their most vulnerable – at home.

An even bigger workforce challenge, however, comes from within. Work-from-home has profound implications for your workforce morale and on factors like individual accountability. Moreover, employees have far greater autonomy when they’re working from home – disgruntled or demotivated staff members have the time and space to make decisions that put your business at risk or even harm other team members. There are preventive measures you need to take. Read through the steps that we recommend you take here.

Team building is critical

You need to recognize the signs of burnout and proactively work to ensure that team members feel like they’re still part of the team, even when they’re at home. You need to take steps to strengthen rapport: think beyond team-building exercises and pep talks.

You also need to be able to respond if and when disgruntled remote employees take harmful steps from within. A solid identity and access management solution is the key part of the puzzle. But in the event of an internal security incident, cyber forensics and tracking capabilities can help you quickly trace the path to ensure accountability. 

What Does All This Mean? Building an “Inside-Out” Security Model

From employee morale and security to data breaches on home networks, WFH introduces a whole set of new challenges for your organization to address. At a strategic level, the best way to solve these challenges and succeed is by realigning your security thinking. In pre-COVID times, an “outside-in” approach was standard, with your security team focusing on external threats.

In today’s post-COVID world, you need to build an “inside-out” approach to your cybersecurity. That means ensuring that you start with a secure IT backbone, using best practices and thinking through the security of each solution as you build your network.

At Protocol Networks, we work with you to comprehensively identify the vulnerabilities in your existing WFH infrastructure and the gaps in your security so that you can build on a secure starting point. We’ll also help re-engineer your workforce approach to ensure collaboration and productivity, while minimizing threats from within. Protocol Networks can help you build robust security at a time when it’s more important than ever. Reach out today for a free consultation to discuss what is and isn’t working in your current setup.