As technology trends continue to permeate the market, so do cybersecurity vulnerabilities and the requirements for protecting information.

New data security guidance affects businesses working in both the government and commercial space.

Given the ever-evolving technology and threat landscape, a proactive approach to cybersecurity is required – you cannot afford to wait until you are breached to take action. 

Identify

It’s like buying insurance – you need to know what it is you’re protecting before you invest in a policy. So, first, inventory all of your information and system assets to identify your risks. You must fully understand your risk posture and your risk management strategies.

Protect

Once you understand your business risks, turn your attention to proactively protecting your data by:

Limiting access to authorized users, processes, or devices and to authorized activities and transactions

Training employees on cybersecurity procedures and policies

Ensuring information is managed consistently with your risk strategy

Establishing security policies, processes, and procedures

Detect

Routine monitoring is imperative to quickly detect malicious, undesirable, or abnormal activity and promptly take action. It’s far less costly to take steps now, rather than wait until the authorities, a client, or the press notify you there has been a breach.

Respond

Breaches happen. So, once you’ve been breached, it’s a race against the clock. You need a plan in place that has been exercised and maintained in “peace time.” To be ready to respond, you develop response processes and procedures and test them to ensure the response is timely and minimizes damage to your business. You will also need to coordinate and communicate response activities with internal and external stakeholders.

Recover

Successful recovery from a breach requires planning to save time, money, information, and reputation. Plan for actions necessary to earn back the trust of your clients and think about the financial resources it will take to recover. Cyber liability insurance can be considered because recovering from a breach is a lengthy and expensive process; but, having a solid plan will decrease the long-term impact.

With solid cybersecurity procedures in place, you reduce the chances of a harmful data breach – upsetting customer confidence (and your bottom line).

However, the five functions of a cybersecurity program are just gathering dust if you don’t communicate and educate employees on how to prevent data breaches. Employees are the first line of defense. Technology is only a partial solution: employees must understand and implement security policies and procedures to prevent breaches from happening in the first place.

 

Original article appeared in the Maryland Cybersecurity Buyer’s Guide 2017.

AUTHOR: BRIAN HUBBARD (FRM. DIRECTOR OF COMMERCIAL)

With 32+ years of cybersecurity experience, Brian was responsible for all strategic Commercial initiatives, as well as development and expansion of Edwards’ Cybersecurity Solution Area. Brian was experienced in architecting, designing and developing solutions to some of the nation’s top cybersecurity challenges. Brian possesses successful program manager skills, leading large IDIQ contracts from inception through close involving hundreds of individual task orders, and involving several hundred staff members and dozens of corporate teammates.