The continuous buzz of privacy breaches and data loss in the news is enough to make the hardiest of cybersecurity experts cringe. Everyone who goes online, particularly business owners, should consider how they can best protect themselves. The good news is there are some viable options and resources to help you.
I recommend keeping your monitoring as simple as possible. Some vendors seem to be pushing “silver bullet” products that may not necessarily be tailored to your needs. Simply put, there is no silver bullet in cybersecurity.
As you get started, it’s important to first:
>> Understand your organization’s compliance requirements.
>> Understand the total cost of ownership (TCO) of a security product or system, which includes direct and indirect costs.
>> Determine your basic security control needs. If you need support, the Center for Internet Security (CIS, cisecurity.org) is a good place to start.
Here are basic, foundational cybersecurity guidelines from CIS:
>> Create and maintain an inventory of all hardware and software. This is a key step because you can’t protect what you don’t know you have.
>> Deploy a vulnerability management solution (patches and configurations).
>> Establish secure configurations and baselines, and consistently manage software and configurations.
>> Regularly monitor and analyze audit logs. Consistent reviews of solid logging records will uncover cyberattacks that may have gone undetected.
>> Install email and web browser protections. Email clients and web browsers are among the most common points of entry for cyberattacks.
>> Install malware defenses (anti-virus protection, etc.) with daily updates.
>> Define your backup strategy, its frequency and a process to follow if a backup fails.
>> Deploy cybersecurity awareness training for employees on a regular basis. Training should identify emerging threats and how to mitigate them.
As you can see, just covering the basics adds up to a significant task list that requires internal resources and skills.
Automating as much as possible and working with a trusted technology partner are good options that will help you maximize the benefits and leverage their expertise. Single-pane dashboard systems that integrate information from multiple sources are also becoming popular.
In conclusion, in order to up your cybersecurity game, it’s important to understand your organization’s biggest risks and to prioritize and leverage cost-effective tools that will help you gain insight into your environment. It’s easier said than done, but aligning with the right local partners can help you incrementally improve your cybersecurity posture.
Michael Taratko is principal architect — security at CBTS. Reach him at michael.taratko@cbts.com.