Get Involved – Appoint a Compliance/Security Officer and consult with a capable firm.
Create a Culture of Security – “No security policies, standards, guidelines or procedures can foresee all of the circumstances in which they are to be interpreted. Therefore, if stakeholders are not grounded in a culture of security, there is potential for improper actions.” https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Creating-a-Culture-of-Security.aspx
Understand Cyber Risks – Company stakeholders and officers need to understand the risks they face from phishing, ransomware, malware and crypto mining. https://www.theirm.org/knowledge-and-resources/thought-leadership/cyber-risk/
Understand Internal Risks – Employees are, unwittingly or not, one of the weakest links in an organization’s cybersecurity architecture and are often the source of data breaches. https://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html
Conduct a thorough audit of current security infrastructure, policies, procedures and training – How you prepare your staff and how you respond, remediate and prioritize should be key elements in your organization.
Approach threat protection from multiple angles – Simply having anti-virus or simply having a firewall isn’t enough. http://www.baselinemag.com/security/taking-a-multifaceted-approach-to-cyber-security.html
Capture and Monitor – Essential to addressing the threat landscape is the capture and monitoring of as many logs as practical: file access, login/logoff, email transactions, internet browsing, social media use, etc.
By collecting and analyzing logs, you can understand what transpires within your network. The intent is to be proactive, but oftentimes real-time or after-the-fact analysis is necessary.
Establish thorough policies, procedures and training – It’s critical to develop these for all electronic/cyber uses: social media, mobile, web browsing, file sharing, etc. Initially this might seem extreme, but limiting the footprint reduces the potential attack surface.
Implement, Train, Review and Develop – All this is for naught if you don’t act and don’t continue to evolve. “An organization’s ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage.” — Jack Welch, former General Electric CEO