With every new year come new cybersecurity tools, updates, cyber threats, and the usual transformations that accompany the changing digital era. This means that every executive, whether business owner, CEO, security leader, CIO, or board member of a large organization, is already setting up meetings and planning at least the first quarter's goals.
As cyber threats and privacy regulations evolve, an outline of the major points to discuss and know about will come in handy for every executive who is interested in protecting their business's assets, employees, team members, and customers.
To make it easier to raise important cybersecurity topics in the language of board members and CEOs, we share a prioritized list of items in the most user-friendly way possible, avoiding technical lingo and focusing instead on the ROI points that reveal the importance of cybersecurity in business terms.
Cybersecurity planning checklist for this new year and any new year moving forward (save the checklist and add to it as new cybersecurity components become part of your risk management process over time).
Security Assessment – If you haven't conducted at least one security assessment yet, it's something you definitely want to start with, before you plan your cybersecurity budget and to-do list. This overview of your systems and operations tells you which technology needs updating or replacing; where your vulnerabilities lie (for example, whether your router is one of the many with known vulnerabilities that need to be addressed, whether your cloud provider has been breached, and how their security measures up); and whether your policies, procedures, and business continuity plan need updating.
Compliance and Privacy Regulations – Make sure you're up to date on all the compliance regulations that affect your business, and on the new privacy regulations you have to adhere to (such as the CCPA and GDPR, which are in effect now and will soon be followed by more). Even though compliance and privacy regulations may overlap, you want to make sure you have everything in place so that you avoid fines for not meeting the necessary requirements.
Business Continuity – Having a business continuity plan doesn't mean it's effective. Have you run practice scenarios to exercise your plan? Do you know whether anything needs to change because of a technology upgrade or the integration of an external third-party provider? Get out your business continuity plan, revisit every item to ensure it is up to date, and schedule at least a quarterly or yearly exercise of the plan to see whether it will work when needed, whether during downtime or during the unforeseen natural events that take place throughout the year, such as hurricane season.
Policies and Procedures – Along the same lines as your business continuity plan, you want to revisit your security policies and procedures as well. Do you have updated BYOD policies and procedures for the new devices arriving after the holidays, given that devices are continuously changing in how they are built and function? Check your third-party agreements for any amendments you need to make to double down on cybersecurity, so that you don't suffer repercussions from a breach they are subject to and fail to disclose to you in a timely manner, and so that it is clear how a breach will be communicated to your customers and within the enterprise.
Incident Response Team – Timing is everything when it comes to a breach. The longer you remain unaware of a breach, the more it will cost your business. Decide who the incident response team members are, and if you need to bring in a team from an outside source due to a lack of cybersecurity personnel, start looking for a risk management company that offers incident response (such as NCX Group).
Employee Training – Employees are typically described as both the weakest and the strongest link in cybersecurity: through unawareness they are the most likely to let a cyber criminal in (for example, by falling for a phishing email and downloading an attachment that carries ransomware), yet they are also able to spot a cyber risk, avoid it, and report it. Which one they are depends on the time you spend training employees on cyber risks such as phishing (don't forget we have a free service for SMBs that can help in this area – here's the link) and communicating with them on cybersecurity matters.
Cybersecurity Communication – Although many would not include communication in a checklist for planning cybersecurity in a new year, communication is everything! One reason for a continuously insecure posture within businesses is that the CIO and CEO speak different languages, that employees don't understand security lingo or how a vulnerability is handled, and that every person is focused on, and thinks in terms of, their own area of expertise and day-to-day priorities. To improve cybersecurity communication in the new year, plan to meet or send emails on cybersecurity topics across the company at least once a quarter, monthly if you can, and whenever there is an important situation to communicate (such as a breach).
Always remember that you have a partner for your cyber risks when the time comes that you are ready to adopt a holistic cybersecurity posture and keep your business in tip-top shape for all the items listed in this checklist and more.
Schedule your free cybersecurity consultation to plan for the new year and the risks that come with it!
To A Very Happy and Secure New Year!