How do you build a security strategy for your business?
To safeguard the IT of your business, it's no longer enough to dabble with security here and there.
You’re better off implementing a security strategy which gives you an overview of all the challenges and solutions required. The step-by-step plan below is based on the recommendations of the Center for Cyber Security Belgium.
1. Develop a cybersecurity strategy
Many businesses today already use technical tools to secure their IT – a firewall, antivirus software, user management – but they lack a coherent, long-term vision.
By developing a cybersecurity strategy, you can define objectives and take the appropriate measures.
Instead of always putting out small fires, think about where the flammable material is located, where the fire extinguishers should hang, and who should do what in case of a fire.
2. Protect the IT infrastructure
To develop a cybersecurity strategy, you need to know precisely what needs to be protected.
- Make an inventory of all the company’s assets, as well as the assets provided by partners (Internet access, cloud providers, etc.). Analyze how crucial each asset is.
- Then, make sure they are sufficiently protected with the appropriate technical measures.
- Besides the indispensable firewall and anti-malware, also consider user management and the security of cloud applications and homeworkers.
- A daily back-up also forms part of the protection.
But take note: a lot of ransomware can affect back-ups which are connected to the system.
So, it is advisable to connect the back-up to the system only when a back-up is made.
3. Raise awareness
Cybercriminals today often use social engineering to get around technical security measures. By gaining the trust of employees, they obtain passwords or get users to install malware.
Here, prevention is key. Inform users about the existence of social engineering and show them how to recognize suspicious e-mails and websites. If you explain why it's important to have a strong password that is frequently changed, they won't consider your carefully thought-out password policy an annoyance.
Static passwords remain risky, of course, which is why the safest solution is two-factor authentication using a token or mobile app.
4. Comply with legal obligations
Businesses that process personal and sensitive data must comply with the provisions of the GDPR.
Just by having a customer list, you fall under these rules. Making your business GDPR-compliant is hardly straightforward, but not doing so can cost you.
5. Share knowledge and report incidents
Cybersecurity is a hot topic and we’re receiving more information about it daily. To stay updated, it helps to share knowledge with and learn from others – such as an IT supplier, other IT managers, or the Cyber Security Coalition.
If your business is confronted with cybercrime, report it to the police and also notify CERT.