Recently, Petra Coach presented a webinar, Good Cybersecurity is Good Business with Sammy de la O of CompassMSP.

Key Takeaways:

  1. What is the current state of cybersecurity?
  2. How do I identify my organization’s cybersecurity needs?
  3. How much should I invest in cybersecurity?

Tell us about the current state of technology and cybersecurity.

Coming out of the pandemic, everyone had to make major changes to adapt. In 2021, we saw people leveraging technology to keep businesses going and growing.

  • Examples:
    • WFH
    • Cloud – making business workflows more accessible, minimizing office/server room footprint
    • Tele-health
    • Online education
    • Online collaboration/meetings

Alongside all these developments, we need to make sure they’re being implemented in a safe way. We also saw a lot of cyber threats in 2021.

  • Ransomware was the most common type of cyber threat
    • 1 click is all it takes to take down a business for any amount of time
    • This created a greater need for training

According to Verizon’s annual study, out of 80,000 incidents across 11 industries over 80 countries, 20% confirmed that data was taken.

What should leaders do to assess their organization’s cybersecurity needs?

The first question to ask business leaders is: how do you use technology today? Do you have a good understanding of what technology you have, what you’re investing, and how you’re using it?

Leaders have to think not only about how they’re using technology today, but also about where they want the company to go and how technology is going to help it scale and grow.

Where is your data? Server? Desktop? USB? Print?

This is where risk assessment really comes into play and helps you identify where there are gaps. One of the weakest points in the process is the people factor – all it takes is 1 click. Are you training your staff? Do they understand how their role plays a part in security posture?

In summation: define your needs, then ask how to protect them.

Are there frameworks you need to follow? What does strong cybersecurity look like?

A compliance framework is the place to start to see what you need in your industry/environment.

Having a strong framework is all about having a good defense. The key is to be as proactive as possible, but also nimble enough to react when the time comes. It takes a combination of tools and solutions fortified by policy and training. A successful framework gives you guidance on how to implement a sustainable program in your business, one that gives everyone direction on how to use their technology properly.

How should you invest in cybersecurity?

Every business is different – even in the same industry. The key is working with someone who can help you understand your needs and what you need to implement in order to develop a successful program – a partner who understands your business and can tell you what to do right now, what to invest in for the long term, and what you need to do to educate your people. Your yearly budget should always have a line item for cybersecurity.

What 5 recommendations will any cybersecurity expert give you that you should be doing today as a business owner?

  1. Multi-factor authentication
  2. Up-to-date patching of hardware and software
  3. Strong passwords
  4. Policies/procedures
  5. Training

What is good cybersecurity posture?

Cybersecurity is not “set it and forget it” – it’s an ongoing process.

  • Someone to configure it properly
  • Training
  • Continuous improvement mentality
  • Yearly security assessment – where are the gaps?

Should you hire an internal person or outsource?

It depends on the size of the business and how you’re using technology, and on whether your IT people have the specialization.

What types of firms are more at risk?

Any business that has a computer or internet needs cybersecurity. The Center for Internet Security (CIS) Top 20 gives you a list of the top 20 things anyone should be doing. Bigger targets are companies that have a lot of information/critical data (e.g. healthcare, supply chain, etc.). Threats don’t necessarily start at the top – they’ll go for smaller companies and work their way up. One of the biggest roles on the rise in 2021 was Chief Information Security Officer.

What does the process look like of getting hit by a ransomware attack?

It often happens Friday afternoon or before a holiday, when people are distracted. Once security sees things are being encrypted, they put a pause on your business and try to shut down the virus as quickly as possible.

The best way to go into it is knowing you’ve worked with your IT people on a good response plan and have tested it, so you know backups work and everyone knows what they need to do.

What can people who are not in IT do to help ensure strong cybersecurity in the organization?

Reach out to a knowledgeable partner on how to identify roles and responsibilities – not everyone needs to be an IT expert.

Where’s a good resource for overall team education?

  • KnowBe4
  • Exostar
    • Create quick programs for your team
  • YouTube channels
  • Ask your IT person what they do to stay up to date on cybersecurity

If you think you’ve had a cyber attack, what’s the first thing to do?

Call a security provider to do forensic work and a root cause analysis to patch that hole. The real recommendation is don’t wait until it’s an emergency to set up good cybersecurity.

How does a remote workforce affect the setup of a cybersecurity system?

Now instead of one server, you’re dealing with many people’s wifi, privacy and routers. You need to take those new risks into consideration in your cybersecurity plan.

Now what?

  1. Ask yourself the question: do I know how we use technology today and how we plan to use it in the future?
  2. Have we had a risk and security assessment?
  3. What is my game plan to sustain a strong cybersecurity posture? Do I have a roadmap/plan of action?
    • Go back to the main 5 things
