Develop and Promote a Culture with Risk Management at the Forefront
One of your best defenses against a cybersecurity attack is to create a culture that embraces cybersecurity protocols, training, involvement and investment from top to bottom. Your employees are not only your company’s greatest asset, but they are also one of your biggest threats to cybersecurity. This includes malicious insiders, employees falling victim to social attacks like phishing or pretexting, and plain old human error.
A security-centric culture needs to start at the top. An organization needs key decision makers and leaders to be on board with cybersecurity. This includes educating employees on their roles and responsibilities as they relate to cybersecurity, understanding and standing behind security investments, and encouraging the organization to include cybersecurity within the enterprise risk framework. Ongoing training on the various topics of cybersecurity should be rolled out to all employees. Make trainings mandatory and tie them to the goals of each employee’s role. Make certain you are setting clear expectations across the organization, so everyone understands what is expected from them. Finally, assess the program’s progress and adjust as you go.
Implement a Password Management System and Single Sign-On (SSO)
There is a clear path toward consistent and high-quality security: password management and single sign-on. Instead of remembering dozens of passwords, your employees will only be required to enter one. This reduces the likelihood they will use weak passwords, or even worse, reuse them. Another measure you can take is to increase the required password length, as longer passwords are harder for attackers to guess or crack. This can also lessen the need for varying numeric, symbol or letter requirements, and change frequency. This works best in combination with multi-factor authentication tools, which only allow access to individuals who have your password and your phone.
Understand Your Access
Your organization uses technology every day to help your business run more efficiently, but do you have a clear understanding of each employee’s access to company or customer information? It is important to have a solution in place to catalog all the user access rights within your organization. Once this is complete, meet with your management teams to review the list and make any adjustments. All systems should be included, as any system ignored or excluded from access management increases risk exposure. In addition, managers should set up their systems so employees need verification before they can access highly sensitive information. That way, the only employees who have access to highly sensitive information are the ones who need it. This should also include making sure your process for removing terminated employees’ access to all systems works.
Conduct Internal Assessments
A cybersecurity assessment can help ensure your business is taking the proper steps to protect itself. Companies today are taking advantage of technologies that allow them to gather, track and analyze customer and financial data to make better business decisions. This includes software for essential business activities such as payroll, accounts receivable and payable, supply chain management, human resources and benefits, and on-site security.
By conducting a formal cybersecurity assessment, you can inventory your hardware and software, identify any potential vulnerabilities, and implement internal controls and other protective measures to reduce risk. There are several recognized cybersecurity standards and frameworks, developed by the National Institute of Standards and Technology and the International Organization for Standardization, to guide these efforts. If this is an area where you don’t have the bandwidth, you may want to hire a qualified information technology (IT) consultant to conduct a customized assessment.
Continued on page 14
Issue 1 | 2023 VIEWpoint 13