Three things you need for effective cybersecurity

Posted by Robert Picard, Demand ITS 22-09-2021 11:13 AM

You saw the headline, and you’re thinking to yourself, just three things? Is this some joke? No, how you choose to do those three things will define how effective your cybersecurity is.

Can cybersecurity finally be that easy? Yes, it can, especially with help from your Millenium Micro Partner. The three things you need are a cybersecurity culture, security stack and backups.

Can it be that simple? I thought cybersecurity was incredibly complex and in the realm of IT security specialists. But I guess that depends on your point of view; cybersecurity is indeed a vast subject that takes years to master, but you don’t need to be an expert.

Think of your car; you know what you need and want in a vehicle, you have an idea of your budget and how you plan to use it. But, do you know about the 30,000 parts needed to build one, or how each component works together to give you the ability to drive? Probably not, and that’s okay.

1. Cybersecurity culture
In business, we often talk about the culture of the organization. The organizational culture helps us define the accepted norms, values and behaviours of our employees. It’s not a policy you can find on paper; it lives and breathes and changes with the needs of your business. It plays a role in absolutely everything you do, embraced by everyone from the big boss at the top down to the summer intern. A great corporate culture will improve employee satisfaction and job performance.

Chances are, your business now runs on technology, and cybersecurity culture has to be a key component of your organization. So it’s more than just doing your occasional training; it’s about our behaviour and attitudes towards cybersecurity.

It also means that how your IT department addresses cybersecurity needs to change as well. For example, they can’t simply hand out a policy, say “here, do this” and expect compliance. After all, your employees don’t work for the IT department. IT and cybersecurity policies should exist to support productivity, not reduce it. That means having a conversation about why a policy exists, the risks to productivity, and security risks. Unfortunately, it may mean the policy needs to be rewritten or removed entirely!

Did you know that nearly every cybersecurity framework advises AGAINST regular password changes? Scheduled password changes were leading to weaker cybersecurity. Because of these constant changes, people reused passwords, fell back on guessable patterns or left them on Post-it notes.

Everyone needs to embrace cybersecurity as a positive complement to everyday work. That means having a conversation to help sensitize employees to risks and engaging in training. Most importantly, discuss how to integrate cybersecurity without negatively impacting productivity.

2. Cybersecurity stack
A security stack is a series of software components that work together to provide you with layered security. Think of it as ordering a cheeseburger; nearly everyone knows what you mean. But, of course, what that cheeseburger tastes and looks like can change depending on where you buy it, your budget and how hungry you are.

Security stacks work the same way; they should have a few basics covered, but beyond that they can vary depending on your budget or needs. Basics for a good security stack are:

  • User training — A system to teach your users how to identify security risks and avoid them;
  • Endpoint protection — Software to reduce your risk if your training fails;
  • Encryption — Avoid a PIPEDA privacy breach if equipment is lost or stolen;
  • DNS filtration — Stop users and systems from accessing malicious domains;
  • Access control — Limit access to data to specific users;
  • Cybersecurity framework — A series of checkboxes to help you identify your cyber-risks.

The great thing about developing a security stack is that you could do it yourself or offload this to your local Millenium Micro Partner.

3. Backups
It doesn’t matter how big your organization is; everyone is susceptible to data loss. It could be an accidental deletion or a disaster like ransomware or a fire.

If you have data that’s important, you need to back it up no matter where it lives, including in the Cloud. However, you may not realize that Cloud vendors often state in the end-user licence agreement that they are not responsible for lost data. The great news is, your Millenium Micro Partner can help here too! So you don’t need to go it alone.

Remember when I told you that you only needed three things for effective cybersecurity? They are a cybersecurity culture, security stack and backups.

How you go about doing these three things will define how effective your cybersecurity is. The great news is that if you’ve already mastered cybersecurity culture, you can outsource the rest!

If you need help with any stage of the cybersecurity journey, please reach out to your Millenium Micro Partner; after all, IT, it’s what WE do!

Robert Picard, Demand ITS.