Key Areas for Assessing Your Cybersecurity Risk

Published 2020-01-29 at https://tricorps.com/2020/01/29/key-areas-for-assessing-your-cybersecurity-risk/

Often, when you click on an article regarding cybersecurity, the first thing you will see is some scary statistic about how vulnerable your organization is to cyberattacks. You’ve clicked on this article, so you are obviously concerned with your organizational cybersecurity. So, let’s skip the scary statistics. I think anyone who spends any time paying attention to the news is well aware of mounting vulnerabilities when it comes to information security.

In short, the more information we migrate from physical to digital form, the more vulnerable we are. When we lock information in a file cabinet, we only need to secure it from people who could potentially break into the cabinet and steal it. When we toss this information up into the cloud, a whole lot more people have access and opportunity for larceny or defacement.

Technology is a constant dance between convenience and security. Ignoring digital tools would leave an organization far behind competitors who are using these tools to increase efficiency and experience. However, as we’ve seen, ignoring or incorrectly aligning organizational cybersecurity can have devastating consequences. It’s a dance, a balance. You should not be afraid to use digital tools to advance, but you must also be appropriately considerate of the risks you face.

The bottom line is you can’t remediate risks until you effectively understand your risks. That’s why a cybersecurity risk analysis is fundamental. During a risk analysis, we work with an organization to assess the following critical areas of risk. We do so by interviewing a wide diversity of team members from across the organization while also examining relevant processes and procedures. Understanding and remediating your risks in the following areas is critical to effective cybersecurity.

1. Data Criticality: You likely are collecting some sort of information about your customers. Would this information be valuable to outside actors? Absolutely. The aim may be identity or financial theft, or holding this information hostage to force you to pay a ransom.

To adequately protect your data, you must first understand the data that you possess. Then, you must understand where this data is located (both in transit and at rest). You also have to understand who has access to this data (both in-house employees and third-party vendors). Understanding the data you possess and then ranking it by value can help you prioritize which pieces of data require the most protection, so you know where best to channel resources.

2. Employees: Cybersecurity breaches are not that complicated, although they can often seem so when we start talking about routers, switches, firewalls, and intrusion detection systems. The vast majority of cyber breaches occur because of two things. The first is bad passwords. Attackers are able to breach a network because people use weak passwords or reuse passwords, and they do not have a second factor of authentication.

The second way is when a team member clicks on a link or downloads an attachment in an email that contains malware, or inadvertently gives out sensitive information to a “spoofed” account or person. That’s it. The majority of cyberattacks come from these vulnerabilities. Like a white shirt and blue suit, these attacks are simple, classic, and timeless.

The “human firewall” is an organization’s greatest vulnerability. It consists of the human team members who have access to your network. Remediation in this area involves monitoring employees, constantly training them on cybersecurity best practices, and ensuring they have access to only the data they need to complete their jobs.

3. Physical Security: How hard would it be for someone to sneak into your building? What if the person was dressed up like a maintenance worker? Would they be able to gain access to the network without someone asking questions? Do your employees hold open the door for people they don’t know? Might someone have the ability to stick a USB drive into a computer and download data? How secure are your servers? When people consider cybersecurity, they often don’t consider physical security. But it is a big part of keeping an organization’s digital fortress safe.
4. Product/Services: Would your products or services pose risks if they were compromised digitally? What if critical intellectual property was stolen? Could an employee run off with an important customer list or blueprints? While guarding customer personal information is imperative because of the regulatory and reputational risks, guarding important intellectual property may be, in some ways, just as critical, because losing this could mean a loss of competitive advantage and market share.
5. Vendors: Do your vendors have information that could put you at risk? Third-party breaches are a huge concern. When Target suffered a cyber breach in 2013, affecting 41 million payment cards, the cause was, in part, credentials given to a third-party HVAC vendor.

An organization is only as secure as the weakest vendor that has access to its network. It is important for organizations to employ the practice of “least privilege.” This means only giving vendors access to the information that they need to complete the task you have engaged them for.

6. Competitors: You might think it’s not a possibility, but consider a scenario. Would a competitor recruit or hire one of your employees if that employee could offer them a look at critical intellectual property or a customer list? It happens, and it happens more than you might think.
7. Infrastructure: Your network is vast and needs constant oversight. We recommend frequent penetration testing, network audits, and vulnerability monitoring. These things will help you quickly identify and remediate holes in the network that can be exploited.
8. Regulatory: From HIPAA to OSHA, they’re acronyms that can cause heartburn. What regulations are you responsible for, how do digital tools alter that responsibility, and what are the ramifications if you fail to meet your regulatory burdens?

New regulations such as the European Union’s General Data Protection Regulation (GDPR) and the recently enacted California Consumer Privacy Act (CCPA) place a greater penalty on organizations that misuse or misplace consumer data. People, as well, are becoming increasingly savvy about their personal information. They want to do business with organizations that treat this data with appropriate significance. A high-profile data breach can be devastating in both financial AND reputational costs.

9. Cybersecurity Insurance: Cybersecurity insurance is a burgeoning field that is rife with pitfalls for organizations. A leader may ask: Am I properly covered? What are my liabilities if I get breached? What if a vendor is breached and my information is compromised? Will I be covered in the event of any breach that may occur? These are important questions that need to be assessed.

Cybersecurity insurance can be murky. For instance, we’ve recently seen insurance companies deny claims for cyber breaches because they argued the breaches came from a foreign government, and therefore the breach was an act of war and excluded from coverage. It is important to have your cybersecurity insurance vetted to ensure you’re properly covered if the worst occurs.

When we conduct a cybersecurity risk analysis, we meet with leaders and others throughout an organization to learn everything we can about its vulnerabilities and cyber practices. Then we are able to develop a current state (where an organization currently stands) and its desired future state (the level of cybersecurity risk it hopes to achieve). After this, we are able to plot out a roadmap that allows the organization to get from its current state to its desired future state. This can help an organization strategically plan to deploy resources in specific areas to best protect itself from the growing menace of cyber risk.

Author: Sarah Burrows