vCISO – Create, monitor and implement preventative measures.

There are a number of preventative measures that can be implemented by any vCISO who is protecting an organisation to ensure that the business is protected.

We have a huge reliance not only on the digital components of our business but also on access to the Internet and all the capabilities that the Internet can bring.

Some basic protective strategies that can be applied to all organisations include:

Ensure you always have a good backup.

Data should always be backed up to a level where getting back to business as fast as possible is the primary motivation.

This can be achieved using what we call the three, two, one plan, which ensures that all data has three copies, is stored in two different locations and that one of those locations is off-site and out of band.

In addition to standard daily, hourly or continuous backups, there is also a requirement for historical data.

This allows an organisation to go back 360 days, 180 days or 90 days, depending on the business's risk requirements and on governance and compliance requirements.
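One way to check a backup inventory against the three, two, one plan and the history requirement described above, added here as an illustration and not code from the original article. The `BackupCopy` fields, the `audit_321` function and the sample inventory are constructed for the example, and it assumes the live data counts as one of the three copies.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class BackupCopy:
    name: str
    location: str               # site or provider that holds this copy
    offsite: bool               # held away from the primary premises
    out_of_band: bool           # not reachable with production credentials
    oldest_restore_point: date  # earliest date this copy can restore to


def audit_321(copies, today, history_days):
    """Return {rule: finding}; an empty dict means every rule is met."""
    findings = {}
    if len(copies) < 3:
        findings["copies"] = f"{len(copies)} copies held, 3 required"
    locations = {c.location for c in copies}
    if len(locations) < 2:
        findings["locations"] = f"{len(locations)} location(s) used, 2 required"
    if not any(c.offsite and c.out_of_band for c in copies):
        findings["offsite"] = "no copy is both off-site and out of band"
    # History is judged on the copy that reaches furthest back.
    depth = max(((today - c.oldest_restore_point).days for c in copies), default=0)
    if depth < history_days:
        findings["history"] = f"can go back {depth} days, {history_days} required"
    return findings


# Constructed sample inventory (assumption, not taken from the article).
TODAY = date(2024, 6, 30)
WEAK_PLAN = [
    BackupCopy("live data", "head-office", False, False, TODAY),
    BackupCopy("office NAS", "head-office", False, False, date(2024, 6, 1)),
]
GOOD_PLAN = WEAK_PLAN + [
    BackupCopy("cloud vault", "cloud-region-a", True, True, date(2023, 12, 1)),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("good", GOOD_PLAN)):
        result = audit_321(plan, TODAY, history_days=180)
        print(label, "->", result or "meets the three, two, one plan")
```

Run it with the history figure the business has chosen (360, 180 or 90 days); the same inventory can pass at one figure and fail at another.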

Protect your devices.

We all have some device that connects our company to the Internet. This device needs to be as secure and as protected as possible.

All devices using an operating system should have a patch management component to ensure that all updates are applied as part of a regular process.

In addition to updates and patching, there is also a fundamental requirement to have some sort of protective system, such as antivirus or anti-malware.

A further protective strategy also includes a firewall around the device itself, protecting the network and protecting access to cloud resources.

Encryption is your friend.

All data that is stored in any location and needs to be accessed needs to have some level of encryption in place to protect it.

Additional protective strategies also include encryption of data in transit to ensure that information cannot be gathered via eavesdropping or a man-in-the-middle attack.

Multifactor authentication.

Multifactor authentication or two-factor authentication should be implemented to protect all external systems that are exposed to the Internet.

Multifactor authentication includes an app on a mobile device, an SMS to a mobile, a dongle or biometrics.

Introducing password policies.

All passwords within the organisation have to be unique for every site, complex (using all characters from a keyboard) and longer than 11 characters.

Manage administrator access.

Make sure that all systems requiring administrator access have had their passwords changed from the default.

Make sure that all administrators and administrator access to all systems are logged correctly.

Reduce the number of users who have admin access to systems and data.

Introduce monitoring policies.

All digital equipment should be monitored to a level congruent with the requirements of the business.

Systems that use USB drives, or that are capable of sending intellectual property and/or trade secrets out of the network, need additional monitoring that is managed properly.

Introduce business policies.

There is a requirement for all companies to have control over users and their access to data and systems.

Introducing policies, procedures, processes, and plans is essential for a fully functional environment. These requirements also need to be introduced in such a way that they can be signed off, managed and enforced as required by the organisation.

Introduce and enforce awareness training.

Your staff members are your front line of defence when it comes to a cyber event. Achieving that level of awareness requires training.

The amount of training should never be less than one hour per month or three hours per quarter.

Protecting customer and client information is critical.

The information that you collect from customers, clients, staff, and other external contacts needs to be protected at all times. This includes encrypting databases, restricting access to systems, reducing the actual information held and making sure that unauthorized access is limited.

Protect your organisation.

Your organisation has unique capabilities, individual intellectual property, trade secrets and other capabilities that, if accessed, would create major problems for the company. Protecting yourself also includes reputational management, the insider threat and any other areas where the way you do business could be exposed, restricting your capability of creating revenue and increasing profits.