Probing Cybersecurity Actions
The participants tried to conceptualize cybersecurity and incorporate it into activities. How can we keep our hardware and software secure? As an SME, what actions can we take ourselves? What should I handle, and what should I outsource? How can I determine if we have sufficient security?
At the seminar, it was concluded that the advice for the firm could be: Always keep your devices and systems updated and ensure that you apply the patches recommended by providers. Make sure you have a backup and that it is stored properly. Additionally, using strong passwords, ideally with a password manager, and implementing multi-factor authentication are simple but very effective measures. Identify worst-case scenarios and, with your staff, plan how to handle them. These actions are easy to do yourself. Regularly checking your systems through vulnerability scans, audits, and penetration tests is crucial for maintaining security. For some customized systems, these checks require both expertise and specialized tools, making them difficult to do on your own. Reach out to your provider; you might have already paid for these services. If not, seek assistance.
The simple answer to what you can manage and what should be outsourced is: it depends! It depends on your cybersecurity skills, the type of business, its clients, and partners, to name a few. What you must always handle yourself is fostering a solid, organization-wide security culture and developing and maintaining it through your leadership. A common mistake when assessing digital security is being overly confident and ignoring the fact that your company, not just others, can be attacked. A well-known saying among security experts is to stay healthily paranoid, meaning staying alert without being overly suspicious or seeing everything as a threat. Follow reports from the media and expert firms, and use tools and materials from authorities' websites, such as ENISA (enisa.europa.eu). Compare your approach to digital security with established standards and best practices.
Questions on leading the way to systematic cybersecurity: Do we have a shared understanding of our business's core operations and the key information that supports them? If we have a skills gap, whom should we ask for support? Can we train ourselves? If so, what kind of training and how often? How can we assess the effects to decide what to train next? Do we have routines or procedures in place for following up on digital security? How can we measure our progress? Given our business and resources, what would be an appropriate level of digital security? What factors might influence our perception?