
CONFERENCE NOW
Cybersecurity Planning Crucial to your Business
By Lizz McCrindle
NSGA Communications & Social Media Manager
Businesses large and small are dependent on technology. There are many advantages and conveniences, but there are also a lot of vulnerabilities. Owners and leadership teams must be prepared to protect their business and assets by implementing a strong cybersecurity plan as well as procedures to follow the plan.
Andrew Sekela, who is part of the FBI’s bureau in Tampa, Florida, discussed how important this is during his session, “Organizational Cybersecurity: A Top Priority to Protect Your Business,” at the 2021 NSGA Management Conference & Team Dealer Summit.
If your small business is the target of a cyberattack or security breach, report it to the FBI. These types of attacks happen every day and cost billions of dollars a year. To keep yourself and your business safe from cyberattacks, Sekela said it is important to change passwords and passphrases often, update software systems, and beware of phishing emails.
To keep your systems and team safe from attacks, it is important to create a cybersecurity culture. This begins at the top, with executives and board management understanding the threats posed by cyberattacks. In doing this, leadership can assign different levels of training depending on the department, including cybersecurity awareness for all necessary team members, as well as offering advanced training for the technical staff members.
The leadership team should be able to come up with a cybersecurity policy by remembering that the devil is in the details. Once the policy is complete, it should be shared widely with your team and followed with training to ensure the policy is being enforced.
Policy & Procedure: It is essential to conduct regular policy reviews and update the policy frequently as information changes. Look at other examples and compare them to see if there are areas missing. There are many free online resources, including SANS Institute templates (www.sans.org) and the Department of Homeland Security publication “State Cybersecurity Governance Case Studies Cross Site Report” (www.dhs.gov).
Accessibility: Do not give someone more access than they need to do their job. This will help protect against an inside threat. If someone is compromised, only the information they have access to can be exploited. The same goes for user access controls, which should be determined by role-based criteria using the principle of least privilege. This means the user is given the minimum levels of access needed to perform their job. With many businesses allowing employees to work from home, it is essential to have secure remote access features and to understand their vulnerabilities.
The final element of access control is off-boarding when an employee leaves. Their system access should be completely suspended.
Vulnerability Management: Vulnerabilities make it easier for hackers to launch a cyberattack. It is important to always stay abreast of the latest vulnerabilities by utilizing all available sources of information. Have the IT department perform regular scans and assessments. If your business does not have an IT department, there are public resources that can also be used to do this type of scanning, such as Shodan and Censys. These sites are designed for organizations to do a scan of their networks and see what devices are connected.
Threat Detection and Monitoring: It is important to detect threats before they become problems. There are several detection tools, such as auditing of internal systems and cybersecurity monitoring systems. Another way to monitor threats is to review reports by the FBI and DHS to maintain awareness of critical infrastructure threat trends, such as Tactics, Techniques and Procedures (TTPs) or Indicators of Compromise (IOCs). Establish a baseline of network activity (internal and external). It is difficult to determine a threat if you do not know the baseline activity level. Logging and auditing activity on the network is an essential part of threat detection. Monitoring systems include passive (eavesdrop on the network and look for compromises), active (actively scan the network) and a hybrid of both methods.