Cybersecurity 101 for Non-Technical Leaders

Arctic IT News, Articles and Events

March 10, 2022

Your CIO or IT Director is dialed into the many tools available to protect your company against cyber threats. As the leader of your organization, you should be able to rely on your technology experts to manage this priority since you oversee other critical priorities for your organization.

Outdated technology and limited IT staff can leave you vulnerable to attacks, which means things need to change now, or you risk it all. If you are already taking steps toward a secure infrastructure, congratulations!

Trying to wade into that conversation can be frustrating when you’re a leader who doesn’t make technology decisions every day. For this purpose, we’ve narrowed down what should be on your radar. Paying attention to how your technology team handles the items on this list can avoid costly remediation or, worse, severe data loss.

Fundamental cybersecurity basics every non-technical executive needs to understand:

Security Policies

The first step in any good cybersecurity plan is to have policies and procedures that address privacy and confidentiality. These are the guidelines your team will need to follow regarding who has access to data, how it can be used, and how it needs to be protected. Having these policies in writing helps ensure everyone is on the same page regarding data security and identifies who is responsible if something goes wrong.

Consult with your cyber insurance carrier. They can prescribe a specific set of actions that need to happen during a cybersecurity event, which will ensure that those policies pay out when you need them the most.

Critical Information Assets

Task your team to keep an inventory of critical information assets. Doing this can ensure a fast response, especially if the incident or breach requires investigation and remediation efforts. Essential assets of information include:

  • Social security numbers
  • Addresses
  • Credit card numbers
  • Any other information that leaves you exposed to identity theft or fraud

Data Backup and Disaster Recovery

Plan for emergencies. Have your technology team create a data backup and disaster recovery plan that identifies how quickly you need to be back up to 100%. Critical data may need to be accessed immediately and can be better served by cloud strategies. However, you may have historical data that doesn’t require the same level of urgency. If your systems are compromised, or your data is lost or stolen, a recovery plan will give you a better chance of quickly getting back up and running.

Multi-Factor Authentication (MFA)

Use multi-factor authentication for all compatible accounts, and ensure your devices are up to date with the latest security patches. Multi-factor authentication can help prevent unauthorized users from accessing accounts that have this technology enabled, even if they have obtained the user’s password.

There are many options for MFA, depending on what type of account you want to protect. The least secure is SMS, where you receive a text message with a number to input on the login screen. In most cases, better options are USB tokens and mobile push notifications, which provide more robust security. Make sure your organization is using this protection whenever possible. It’s easy to turn on in many applications and is critical to your defense.

Firewalls and Antivirus

Installing a good firewall and antivirus software is vital for a secure network. Both tools can help protect your systems from malware and other types of attacks. Your firewall allows for secure use of your network hardware, whether your employees are in the office or working remotely. Note that an antivirus tool or firewall hardware can still be compromised by new and emerging viral code known in the industry as zero-day attacks. Always keep these patched and up to date.

Cybersecurity Education

Your people are your first line of defense. Educate staff on cybersecurity best practices, and make sure they understand the importance of protecting their personal information. Investing in cybersecurity training and awareness efforts with staff members is a must. Social engineering and targeted phishing attacks on staff are a much more frequent threat than a hacker targeting your perimeter hardware.

All these steps are important, but the most important thing is never to stop learning about cyber threats and how to keep your organization protected. If your IT operations are solely internal, use your best judgment. The world of cybersecurity is constantly changing, so require your IT staff to take refresher courses and attend training that will keep them educated on this crucial topic. Many resources are available to help you do this, including government agencies such as the Department of Homeland Security and private organizations such as the National Institute of Standards and Technology (NIST).

When to hire an expert

In some cases, it might be helpful to hire a cybersecurity expert to help you protect your data. Many experts are available and can provide valuable insights and advice on how to best protect you from cyber threats. If you engage with an expert, count on them to create a comprehensive information security program, which includes policies, procedures, guidelines for users, awareness campaigns, and security audits. If they don’t offer this, don’t hire them.

Partner with a managed services provider

Another option is to partner with a managed services provider (MSP). The most valuable MSPs are cybersecurity experts and can help your team protect its data by providing expert advice and support. They can also manage your network security for you, so you don’t have to worry about it. This is an excellent option for companies that don’t have the in-house expertise or capacity to deal with these issues. Many MSPs offer different service levels, so you can choose one that meets your specific needs and budget.

MSPs take care of all the legwork for you, from developing a comprehensive security plan to installing and maintaining the latest security software. They also provide regular reports on how your network is performing and what will improve its security. They can help you budget for upgrades and network refreshes and free up your time so you can focus on more critical tasks, such as running your organization.

MSPs also have a lot of experience dealing with cyber threats, and they know the best practices that will guard against the latest attacks. They can also help you respond quickly and effectively if there is ever a security incident.

To recap our recommendations:

  • Get your security policies in place or updated
  • Inventory your critical assets
  • Implement a data recovery plan NOW
  • Ensure your team is using MFA for as many accounts as possible
  • Install and maintain a good firewall and antivirus software
  • Keep applications up to date
  • Periodically refresh staff on the latest cybersecurity trends and technologies
  • When appropriate, partner with an MSP

If you’re ready to host a conversation with a trusted technology provider, we’re here to help. Arctic IT has been helping organizations navigate modern solutions for over a decade. As a Microsoft Gold Partner, we can help you understand why the security and agility of their platform are unmatched.

Microsoft has been leading the way with the zero-trust architecture, and our experts would be glad to share what that means for you. Connect with us today to learn more.

By Andres Gonzalez, Account Executive at Arctic IT