Your company has suffered a cybersecurity failure! The steps you take to respond to the crisis will define how your customers respond. Handle the problem with grace and generosity and your brand may emerge stronger as a result. If your security event management is weak, your company may struggle for years to catch up. In the first few days after the security event happens, what can you do to respond?
Security Event Management: 30 Days after the Event
In the short term, you’ll need to work with IT security crisis specialists to help you repair the damage, engage the media, and work with customers. After a few weeks, the initial damage assessment and response will be complete. After that work is complete, you’ll need to undertake a more in-depth analysis of your organization. We suggest analyzing your organization through three dimensions: technology, process, and people.
1. Technology Evaluation
- Identity and Access Management: Do you have 100% coverage of all your organization’s systems in your IAM system? If the answer is no, you’re increasing the likelihood of a security event in the future.
- Third-party risk evaluation: Review all the software and platforms you use from cloud providers. Do you have up-to-date security evaluations completed for all vendors? Do you have monitoring processes in place to review newly established servers, accounts, and applications?
2. Process Evaluation
Is IT security awareness training offered to all employees regularly? Some organizations only provide this training to employees when they’re hired. That isn’t good enough if you expect all employees to take responsibility for IT security. For example, do you provide training on password habits to prevent password reuse?
Does management have monthly, quarterly, and annual IT security reports to review? To answer this question fully, you also need to consider whether your reporting adds value. There’s a simple way to measure the value of reporting: has it prompted management to take action? If you’re continually reporting “green” or “no problems,” then your reporting processes may not be sensitive enough to detect problems.
3. People Evaluation
Like it or not, internal threats and weaknesses are one of the most significant drivers for security events. Here are a few ways you can evaluate the security awareness and capabilities of your workforce.
Password habits: Conduct a random sweep of your office to check employee workspaces. If you find evidence of people writing down passwords on slips of paper or leaving cabinets unlocked, such behavior indicates room for improvement. We’ll cover ways to improve password management below.
Adoption of Multi-Factor Authentication (MFA): Run a report to find out the percentage of employees who’ve used MFA in the past month. If the usage rate is below 80%, you’ve found an easy opportunity to improve security.
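One way to produce the MFA adoption report described above, as an added example that is not part of the original article: it counts each employee once (not each sign-in), restricts the count to the reporting window, and flags a rate below the 80% target. The log format and the sample lines are constructed for the demo; a real report would pull the same fields from your identity provider’s sign-in log.

```python
"""Added example: share of active users who used MFA in the past 30 days.
Log format and sample records are constructed for this demo."""
from datetime import datetime, timedelta

# Constructed sign-in records: "<ISO timestamp>,<user>,<auth method>".
SAMPLE_LOG = """\
2024-03-01T08:02:11,alice,password+mfa
2024-03-02T09:15:40,bob,password
2024-03-05T10:01:03,carol,password+mfa
2024-03-06T11:30:00,bob,password
2024-03-08T07:45:19,dave,password
2024-01-15T14:00:00,erin,password+mfa
2024-03-10T16:20:55,alice,password
"""

def mfa_adoption(log_text: str, now_iso: str, days: int = 30) -> dict:
    """Return active users, users who used MFA, and the adoption percentage.

    A user counts as an MFA user if *any* sign-in inside the window used MFA.
    Sign-ins before the window (erin above) do not make a user "active", so
    dormant accounts neither inflate nor deflate the rate.
    """
    now = datetime.fromisoformat(now_iso)
    window_start = now - timedelta(days=days)
    active, with_mfa = set(), set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, user, method = line.split(",")
        ts = datetime.fromisoformat(ts_text)
        if ts < window_start or ts > now:
            continue  # outside the reporting window
        active.add(user)
        if "mfa" in method.split("+"):
            with_mfa.add(user)
    pct = 100.0 * len(with_mfa) / len(active) if active else 0.0
    return {"active": sorted(active), "mfa": sorted(with_mfa), "percent": pct}

def adoption_report(log_text: str, now_iso: str, threshold: float = 80.0) -> str:
    """One-line management summary; flags adoption below the threshold."""
    r = mfa_adoption(log_text, now_iso)
    status = "OK" if r["percent"] >= threshold else "BELOW TARGET"
    return f"MFA adoption: {len(r['mfa'])}/{len(r['active'])} users ({r['percent']:.0f}%) - {status}"

if __name__ == "__main__":
    print(adoption_report(SAMPLE_LOG, "2024-03-15"))
```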
Adding It All Up
Use the following categories to understand your observations in the previous section.
● One significant weakness: With only one major problem, most of your cybersecurity framework is functioning smoothly. This means your organization is likely a few months away from a fully optimized state.
● Two significant weaknesses: Most organizations are in this category following a security event. They may have well-trained and motivated people, but not the supporting process and technology to help them become effective. There’s substantial work to be done, but you can do it.
● Three significant weaknesses: There are serious challenges ahead to improve your security event management and overall cybersecurity program. You may need to engage your project management office to discuss strategy and where to get started first.
Now that you understand where your organization stands, it’s time to review your options to reinforce password security and cybersecurity more generally.
Review Your Options for Long-term Improvement
Consider the following list as you plan your projects in pursuit of improved password security and cybersecurity strength.
1. Support Employees with Improved Password Management Tools
If you work in IT security, you’re always thinking about security risk and ways to manage it. Most employees in the organization don’t think like that. Lecturing employees to do better with their passwords will only get you so far. You need to make password management easy for them. We suggest implementing Apollo, an IT security chatbot, which makes it easy to reset and manage passwords 24/7.
2. Bring Multi-Factor Authentication (MFA) to Your Organization
Relying solely upon passwords to protect access to your organization is no longer enough. Unfortunately, too many people reuse passwords, and many other people use easy-to-guess passwords. Instead, bring multi-factor authentication so that your employees can use other means, such as their smartphones, to authenticate themselves. To get you started down this path, you’ll need to develop a business case for multi-factor authentication.
3. Review and Improve Your New Employee Onboarding Program
Each new hire comes to your company with different levels of awareness in cybersecurity. Some are going to exceed your expectations. Most will be happy to follow your expectations, but only if you lay them out clearly. To execute this project, you need to work with human resources to review the onboarding program prepared for new hires. If there’s no cybersecurity training offered to new hires within the first 30 days, that’s a gap to be solved right away. Start by providing an employee password training program.
The Upside of Suffering a Security Event
In the short term, suffering a security event is a painful experience. However, there’s a bright side to the experience. You have a real-world test for your organization’s cybersecurity defenses. Previously stalled IT security projects will, in many cases, receive a new sense of purpose (and funding!). Just make sure you don’t waste the experience by pretending that business as usual is sufficient.