Be informed, be secure
Written By: Cory Rutten, Security Account Manager
If you are like most of the business owners we talk to these days, you’re likely overwhelmed with trying to effectively secure your data. We still encounter organizations starting their security from square one on a fairly regular basis, and we know it’s not an easy task. It can be tempting to get caught up in the single solution that attempts to solve all your problems with a flashy dashboard. Unfortunately, it’s just not that easy, but it doesn’t have to be astronomically complicated and expensive either.
It’s no secret that Infogressive preaches a layered, defense-in-depth approach to keeping your network secure. We’ve laid out the four steps we recommend the most often if you’re starting down the path of securing your network.
Steps to Your Cybersecurity Strategy
1. Brainstorm Your Strategy
How do you know what to do first, or next, without identifying a security strategy? Coming up with a strategy typically involves outside help with expertise in cybersecurity. More often than not, excluding an industry expert from this stage of the process will end up leaving the company with an expensive shiny new product that doesn’t necessarily minimize risk or improve their security posture.
At Infogressive, we quite often see a scenario where Company X purchases a solution that turns into shelf-ware or even increases risk to the organization due to a lack of knowledge in security best practices, improper or incomplete configuration, and, most importantly, a lack of training on how to properly administer and maintain the solution after implementation. How many of you have something like this in your environment, old or new, where you aren’t sure exactly what it does, but you know it’s working and it was the best solution money could buy? Yeah, we’ve all been there. Let’s talk about how to avoid going down that path again.
2. Assess Your Current Infrastructure
Unfortunately, I can’t give up the Infogressive secret sauce in one blog, but what I can tell you is that we have a tried-and-true method to facilitate an expert technical security risk assessment of your environment that will provide recommendations to implement a long-term strategy of continuous improvement.
We provide this through our Rapid (or Health/HIPAA) Risk Assessment (RRA/HRA) framework, which delivers your organization a metric-based scorecard within a very detailed report in an understandable format. The RRA/HRA is designed to be completed quickly to allow for minimal disruption in day-to-day operations. The goal of this step is to identify current gaps, advise on how to properly eliminate them to minimize risk, and begin development of that strategic plan.
3. Develop a Plan
This is where the fun begins, and it is also a very important step upon completion of the assessment. It’s now Monday morning and you are ready to tackle that scorecard with guidance on what you can do to improve the environment. During the assessment review, you took great notes on what can be done immediately that will generate some quick wins for the organization, and you now have the start of a plan. Remember, that assessment scorecard is in order of priority and will guide you through the process of maturing that plan you are now writing up. I can tell you that most organizations typically score low because of something I mentioned earlier on: a lack of knowledge in security best practices.
The best part is that you now have a report that explains to you why that item is important and how the bad guys can use that metric to take advantage of your environment! Always keep in mind that your goal is to improve the organization’s security posture by minimizing risk. You may not have the budget or be able to mitigate all of the metrics identified, so build it into your organization’s long-term plans of continuous improvement and start implementing that strategy! If you are not comfortable with building that plan internally, let Infogressive help you!
In an ideal world, you now have decision-maker buy-in and budget approved to move forward with the plan. All of those quick wins and low-hanging fruit that were identified within your assessment can now be put into action. Your project board is full and scheduled out for the year with your team of IT and Security Staff ready to train on, implement, and maintain those best-fit solutions. SCORE! But what if you don’t have complete buy-in, budget, or worse yet, become overwhelmed with what to do and how to do it? I will start by saying that you are NOT alone.
Let Infogressive take care of the planning, implementation, and ongoing operations to provide your organization with an instant return on your investment. We typically see a 50% cost savings to the organization once you factor in all the pieces required to fully execute and maintain a mature security strategy in a timely manner. How do we do that? Infogressive’s staff are fully trained and certified in the technologies offered through our managed services. That means we are the experts with the continuous training and in-the-field experience required to properly implement and manage the hardened technologies in our lineup. We are now your Security Team!
In summary, there is not a single solution out there that can protect you from top to bottom. Combining layered technologies with a defense-in-depth strategy is the only way to minimize risk in an attempt to keep the bad guys out. Remember this: the bad guys only have to be right once; you have to be right all the time…