An Earth Day Reminder: How to Take Care of Your Security Environment
Happy Earth Day! I hope you get to spend some time outside today to take in mother nature in all of her glory, but while I have you here, I want to discuss a different type of environment: your security environment.
Just as with the environment around us, we have to take care of our organization’s security environment to keep our data healthy, happy, and, most importantly, secure. There’s are so many factors that contribute to maintaining a healthy security environment for your organization. Are you keeping up to date with your annual compliance audits? Are you performing regular risk assessments? Are your employees aware of what they need to do to keep your environment secure? It can feel like an overwhelming task to keep your org’s security environment secure, but we’re here to help you along one step at a time.
How YOU Can Make a Difference in Your Org’s Security Environment
Planting a native tree species or beginning to recycle may seem like too small of an action to make a difference in our environment, but even small actions can make a bigger difference than you think. Like trying to make a difference in Earth’s environment, helping take care of your organization’s security environment can feel like an impossible task. By following the simple steps listed below, you can make an impact on your organization’s security environment.
- Cyber Literacy
Cyber literacy is the ability to use computer technology effectively as well as being able to understand the implications of the actions performed on that technology. Most members of an organization are going to understand how to conduct their jobs on their devices, but how many of them really understand what every action they perform does on a larger scale? Not understanding the implications of downloading a file or clicking on a link could put your organization at risk.
That’s why it’s so important to work towards cyber literacy. Hopefully, your organization is providing resources to help you educate yourself on cybersecurity best practices, but you can easily research common threats and vulnerabilities and how you can help prevent them from affecting your company. For example, this article by Forbes popped up when I googled “common threats and vulnerabilities.” Articles like this won’t completely protect your organization but taking 5-10 minutes to read about common threats your business is up against can help you understand what to look out for and how to avoid falling victim to today’s bad actors.
- Policies and Procedures
When’s the last time you reviewed your organization’s policies and procedures regarding the devices and systems you use on a daily basis or what to do in the case of a security event. While deciding what programs and systems you use or what your company’s incident response plan looks like probably isn’t up to you, it’s your responsibility to know what’s expected of you to help keep the organization secure.
Are you updating your passwords when you’re supposed to? Are you updating and restarting your computer when your IT department identifies a vulnerability? Do you know what you’re expected to do if your company experiences a security event? Some threats and vulnerabilities will continue to affect organizations even if employees are doing everything they need to, but you can limit the risk your company is up against by staying informed on relevant policies and procedures.
- Speak Up
An important but underrated step in protecting your organization’s security environment is speaking up if you see something that could put your organization at risk. It can feel intimidating to go to leadership or the security professionals in your company when you yourself aren’t a security professional or in leadership. You might be worried that the suspicious email you received was just spam and not a phishing email or that the person you didn’t recognize in the office this morning was someone’s visitor and not someone looking to hack into your org’s system. But what if you’re wrong? Wouldn’t it be better to notify someone just in case?
Although reporting security issues may not be listed in your formal job description, every single person that makes up a company should feel accountable for protecting the data the company is responsible for. Wouldn’t you want that from the employees of an organization that was responsible for some of your personal data? Ideally, your leadership has created a space where you can easily report suspicious activity. The strongest security environments are supported by companies who have built a cyber-resilient culture.
How the Board can Contribute
Climate activists and other individuals who want what’s best for our planet can only do so much without the support of large corporations and donors. On a similar note, IT teams and other members of an organization can only do so much when it comes to keeping the security environment healthy and secure. While members of a company are certainly essential in keeping a business secure, they ultimately need the board’s support to create change. However, it can be a challenge to get the board to see how valuable cybersecurity is to the well being of the company when they have so many other important things to spend time on.
That’s why we’re calling all board members and leadership to take a look at the following three ways you can easily nurture your organization’s security environment.
- Conduct table top exercises.
Your organization should have an Incident Response Plan (IRP) that’s mapped out and documented, but when’s the last time you tested your IRP to make sure it actually worked? That’s where table top exercises come in. Although taking time out of your busy schedule to conduct table top exercises can seem inconvenient, it’s the best way to see if your organization is prepared for a security event. To ensure that this important exercise is taken seriously, it’s essential that the board is involved and relays its importance to the rest of the organization. When something goes wrong, you want to know that all members of the company know how to respond so damages are as minimal as possible.
- Create a space for security concerns.
As mentioned earlier, it’s important that all members of the organization have somewhere to report suspicious activity when they see it. As a leader, you need to make sure that these spaces exist and that feedback from employees is welcome. Without this leadership, employees either won’t know where to turn with their concerns or won’t feel comfortable reporting mistakes or findings. When leadership creates an environment conducive to growth and feedback, a healthier security environment is cultivated.
- See where you stand based on industry standards.
A great way to maintain a healthy security environment is to check your controls against industry standards. You can do this by identifying which compliance frameworks apply to your organization and self-assessing which of your controls are effective and which need some work. Of course, you still need to stay up to date on all of your compliance audits, but self-assessment can be a great tool to give leadership a good idea of where the organization stands. There are some great free resources out there to help you know if your organization is complying to the necessary frameworks, such as this NIST cybersecurity framework 2.0 self- scoring tool or these cybersecurity topic YouTube playlists. Take some time in your next IT or board meeting to assess where you stand with your compliance. A few minutes could do wonders for your security environment.
Change Your Environment with KirkpatrickPrice
Making changes to your security environment can sometimes feel like you’re trying to change the world all at once. That’s why it’s so important to take things one step at a time and remember that even small changes make a difference. All types of environments need maintaining! We hope this post helps you get started on a positive note as you work to revitalize your org’s security environment, but if you have any questions about strengthening your company’s security posture, connect with one of our experts today.