5 FOUNDATIONS OF A SOLID CYBERSECURITY PLAN
Do you know the five steps to create a solid cybersecurity plan? Continue reading to find out what steps to take and other resources for your business.
5 FOUNDATIONS OF A SOLID CYBERSECURITY PLAN
Identify - Define your business assets and what you need to protect.
Protect - Operate securely and actively protect your valuable information.
Detect - Observe and alert on bad behaviors and other indicators of compromise.
Response - Guide your actions with your response plans.
Recovery - A safety net is imperative for a solid Continuity and Disaster Recovery Plan.
CRAFTING A SOLID CYBERSECURITY PROCESS
The first steps in crafting a solid cybersecurity process for your business fall under the IDENTIFY domain: perform a Risk Assessment, a Vulnerability Assessment, and an Impact Analysis on your business to help document your business risks.
Let’s dig into this a bit. Beware, lots of links ahead!
Here is a great resource that you’ve already paid for with your tax dollars – the NIST Small Business Cybersecurity corner, https://www.nist.gov/itl/smallbusinesscyber. NIST has a roadmap, https://www.us-cert.gov/sites/default/files/c3vp/smb/DHS-SMB-Road-Map.pdf to help visualize the journey to improved cybersecurity for your business. This guide covers the five foundations discussed earlier in a user-friendly format -https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf.
Risk Assessment – compare proven best practices against how your business approaches various actions/processes that can impact your security. RealTime has a shortened Risk Assessment to get you started, all based upon the NIST Cybersecurity framework. Save some time by calling us to review your processes or use the full assessment using the NIST framework tools provided below:
Latest NIST CSF Framework PDF, version 1.1 https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Spreadsheet to perform the evaluation with https://www.nist.gov/document/2018-04-16frameworkv11core1xlsx
Vulnerability Assessment – Test your network inside and out for technical holes using this assessment. A competent professional should perform this step and RealTime is available. You can do this yourself, but it’ll be faster, cheaper, and better to engage a professional to perform this step.
Business Impact Analysis – Outline the most important things your business does and technologies or systems used to perform these important functions. This will help you focus your resources where you can get the most positive impact to your business. A Business Impact Analysis is definitely a DIY step – no one knows your business better than you. RealTime can help guide the process and the risk discussion if you need it.
IDENTIFIED RISKS AND POTENTIAL IMPACTS
After you’ve gathered this information, prioritize your findings to help make educated decisions on
What risks you need to mitigate now;
What risks to plan to address in the future;
What risks you choose to accept for now.
The goal is for your business to understand what your identified risks are and the potential impacts; this allows you to prioritize and begin mitigating those risks. Most small businesses find that many risks are process/procedure oriented. These things can largely be addressed internally with proper staff training on new processes.
Additionally, it is likely that there will also be technical risks and these will need to be addressed by your Technology Department or an outsourced provider like RealTime.
ARE YOU GOING TO SLEEP WELL TONIGHT?
We hope this piqueS your interest in getting on the path to improving cybersecurity for your business. EVERY business, small or large, needs a comprehensive cybersecurity program now more than ever. Call us if we can help or fill-out the form below, (334) 678-1417.
Pro tip – this is part of RESPOND, but is something you’ll want to have in place sooner rather than later – Cyber liability insurance. Talk to a qualified insurer, ask lots of questions and make sure the policy is going to be effective in providing the coverage your business needs.
[Guest post written by RealTime VP Todd Swartzman]
WANT ADDITIONAL RESOURCES?
We have resources such as a Business Impact Analysis spreadsheet and other items to help your business. Just fill-out the form below and we will help you out.
2 TIPS FOR IT HURRICANE PREP
Don’t wait for a Hurricane to hit our area to begin to prepare for Hurricane Season. Here are our TOP TWO TIPS to begin prep work for Hurricane Season.
Hurricane season is quickly approaching as we watch Tropical Storm Barry move into the coast. Start preparing your business now, instead of waiting until the last minute.
source: ABC13 Houston
TOP TWO TIPS FOR HURRICANE SEASON PREP FOR YOUR INFORMATION TECHNOLOGY
Don’t wait for a Hurricane to hit our area to begin to prepare for Hurricane Season. Here are our TOP TWO TIPS to begin prep work for Hurricane Season:
BACKUP TO A HYBRID-CLOUD
There are several different ways to create a backup, but we suggest a hybrid-cloud image-based backup that can be used to restore data and applications even if your server is destroyed, and that can restore data from different points in time.
RealTime provides Hybrid-Cloud backups for our clients. The above diagram explains the concept of a Hybrid cloud model for backing up your data.
Source: KPMG International, 2016.
2. GO OLD SCHOOL
This is what telephones looked like before they were referred to as “landlines”.
Use your printer the way you did in the 1990s! Print out a copy of all of your important emergency contacts and have them ready with your hurricane supplies. You never know if you will be able to access your phone or computer, but perhaps you can find a landline somewhere to use in a dire situation.
If you don’t have a Backup plan, contact us today to get your business backup going. Our IT experts can handle all of the details of protecting your business during Hurricane Season and year round. It’s always good to have a plan. We are the planning experts.
Contact us now.
How to Clean Out the Cruft
Software cruft are basically “digital dust bunnies.” You know, those duplicate files, forgotten downloads, abandoned files from apps you deleted, and so on. They’re slowing you down big time. Getting the cruft out may sound daunting, but it is actually easy to do. Apple, Microsoft and Google have all joined the anti-cruft global crusade and have added cruft-removal tools to their operating systems. You just need to remind yourself to use them.
Software cruft are basically “digital dust bunnies.” You know, those duplicate files, forgotten downloads, abandoned files from apps you deleted, and so on. They’re slowing you down big time. Getting the cruft out may sound daunting, but it is actually easy to do. Apple, Microsoft and Google have all joined the anti-cruft global crusade and have added cruft-removal tools to their operating systems. You just need to remind yourself to use them.
Windows 10: From the Start menu, open Settings, System and then Storage. If you click “Free up space now,” Windows displays a list of cruft categories that it’s safe to delete, and shows how many gigabytes you’ll reclaim.
Here, you can also turn on Storage Sense, which prevents cruft from accumulating in the first place. (Click “Change how we free up space automatically” to adjust the frequency of the deletions.)
Windows 10 offers a simple way to reclaim disk space from orphaned files.
Mac: Apple’s cruft cruncher can reclaim huge swaths of space. (It’s available on macOS High Sierra and later.) To see it, from the Apple menu, choose About This Mac; click Storage; and then Manage.
Here, you’ll see options like “Automatically remove watched iTunes movies and TV shows” and “Download only recent attachments” (in the Mail app). Click Review Files to see a sortable list of everything on your drive, which makes it easy to spot duplicates, or your biggest and oldest files, and delete them.
The Mac, too, suggests ways to pinpoint abandoned and gigantic files for deletion.
Android: Beginning with the Oreo version of Android, Google has made it fantastically easy to clean out junk files from your phone: Tap Settings, Storage & Memory, and then “Free Up Space.” The resulting list includes downloaded files, photos and videos that you’ve already backed up, and apps you haven’t used in some time. You can delete them by category or individually.
When your Android phone is feeling stuffed, open Settings to lighten its load.
iOS: On the iPhone or iPad, tap Settings, General, and then iPhone Storage. You’re now facing iOS’s cruft-removal options: Offload Unused Apps, Review iTunes Videos (enormous TV and movie files), plus an app-by-app listing of space gobblers. Music, Photos, Podcasts and TV usually top the list.
To delete the individual songs, videos, photos and other files that are eating up your space, you still have to open the corresponding app. But at least now you know where to begin.
The iPhone and iPad make it easy to see which big and underused apps are junking up your storage.
*Information courtesy of https://www.nytimes.com/2019/02/01/smarter-living/how-to-do-a-data-cleanse.html
Breakup with your password...it's cheating on you.
You have to face facts that your password is easy! Literally. And you have no idea who has been running around with your password over the last year and a half. Take this opportunity to make a change - now that you know the truth - and secure yourself a much better password. And don’t worry about the old password; it has cheated (at least) once, and it will cheat again.
You love your password.
You use it on every platform you can imagine: Your email, online banking and even Facebook! You are so happy every time you think about your password, you can never imagine changing it.
But what you don’t realize is, while you are caught up in those tingly feelings of love, and that false sense of security that you can always rely on your password to work, your password has been cheating on you.
You have to face facts that your password is easy! Literally. And you have no idea who has been running around with your password over the last year and a half. Take this opportunity to make a change - now that you know the truth - and secure yourself a much better password. And don’t worry about the old password; it has cheated once, and it will cheat again. (You’ve got 99 problems, but your password’s not one of them).
How to break up and move on to something better:
Breakups are tough, but I guarantee you that once you see there are better passwords out there (that are tough and have your best interest at heart) you will get over the breakup quickly.
It’s Complicated.
A good password is one that is complex and something you can remember. Finding that sweet spot can be hard sometimes, but I promise it’s necessary. Try using a passphrase. A passphrase is a combination of words used to create a sentence that generates complex, long passwords that are easy to memorize.
For example: Che@t=r (i.e. Cheater…see how easy?)It’s not for life.
Don’t grow too attached to your new passwords – you’ll be breaking up frequently. So, how often should you change your password? We recommend at least every six months, if not more. Mix it up, don’t give your password time to cheat on you again.
Adopt long passphrases.
Size does matter. We recommend you use at least 16 characters for your password. Once you hit the 12 – 16 range, you make it WAY harder for cyber criminals to use brute force or guess your password.
For example: myV@lentin3 does little for protection compared to a passphrase like hewill%cheaton*yout00.Don’t ever take that password back.
If your password cheated on you once, don’t give it another chance to do it to you again! A new, long passphrase is exactly what you need! Meaning, do not reuse old passwords because they’re comfortable. There’s a reason they’re in your past. Leave them there.
Make online security a lifetime love affair to protect yourself. You are worth it!
WHO WE ARE:
RealTime provides real I.T. solutions to businesses. If you need more information on ways that we can help your business, contact us now or continuing reading here.
Merry Christmas from RealTime!
View our 15 second TV Commercial we made for the Christmas Season.