Every October is Cybersecurity Awareness Month. But for us at Nerds Support, every month is Cybersecurity Awareness Month in Miami! We spend a significant amount of time educating and empowering our clients and prospects on how to mitigate their risk. This is why we have made a strong commitment to our weekly blog posting and why, for October, we will be posting daily articles focused on Information Security.
The name of the game in Information Security is to mitigate your risk. We throw that phrase around all the time, but what does it mean? If we turn to our trusted dictionary, the word mitigate means, “to make something less severe, harmful, or painful.” So to mitigate risk means to make the risks associated with information security less severe, harmful, or painful. Notice that we did not say we were going to eliminate Cyber Security risks. Why? Because that is not realistic. There is no true way to completely eliminate risks in anything, especially when it comes to information security. So what can we do to mitigate our risks around Cyber Security? Well, without giving away all the information that we will be presenting during the two major upcoming Business Expos in South Florida: Doral Chamber of Commerce Power Business Expo on October 5th and Great Kendall Business Association Expo on October 13th, here are the three main buckets that we look at when helping an organization mitigate their risk:
- People – This is a large part of Information Security. No matter what technology you have in place, there is a person that handles managing that technology. Also, there are users of technology who pose a risk, through no real fault of their own. Whether clicking on a link that installs malware or letting a “remote tech support rep” take control of your system to “install programs”, we are confident most users do not purposely do these things to cause harm. This is why we suggest Cyber Security Awareness Training Programs (hint: programs, not once-a-year training), Policies and Procedures, and Social Engineering Assessments to “test” your employees.
- Process – The businesses that we work with handle some form of sensitive information. Whether it is credit card information, protected health information, or the personally identifiable information of their employees, every company has some responsibility around protecting that information. So we look at the process of how your organization receives that information, transmits that information inside your network, and how that information leaves your company to its next place. Therefore, we look at things like access control to determine who needs to have access to what information and why. We look at things like least privilege and the use of administrator accounts on local machines. All these processes (or lack thereof) have an impact on the risk associated with the information that your company possesses.
- Technology – Technology gets all the glory, and for good reason. We have come a long, long way in terms of technological advances, which is a positive thing. Yet, with great reward comes great risk. As fast as we can stand technology up, are we able to provision the security around that technology as quickly? Are we segmenting networks that process sensitive information? What software platforms process and transmit sensitive information? These are all questions around the use of technology, and while technology remains the lifeline of many organizations, the improper security of technology can have lasting, negative impacts.
Now the question becomes, with all these moving parts, what can we do to mitigate our risk? On October 5th, at the Doral Chamber of Commerce Power Business Expo, and on October 13th, at the Great Kendall Business Association Business Expo, we will be exhibiting our Cyber Security solutions, packages and offers and also educating visitors by giving them 5 “quick-hits” that they can put in place to mitigate their risks of a data breach/loss.