How Business Owners Can Protect Their Companies From Cyber Threats
Cybersecurity experts share tips for how business owners and corporate leaders can protect their companies from cyber threats.
Air Date: June 29, 2021
Moderator: Vince Voci, Executive Director Cyber Policy and Operations, U.S. Chamber of Commerce
Featured Guests: Trent Frazier, Deputy Assistant Director, Stakeholder Engagement, Cybersecurity and Infrastructure Security Agency (CISA), Bradford J. Wilke, Senior Advisor, Stakeholder Engagement, Cybersecurity and Infrastructure Security Agency (CISA), Spencer Ferguson, Founder and CEO, Wasatch I.T.
As cyber attacks become more prevalent in today’s digital world, corporate leaders need to protect their businesses from cyber threats. These actions are crucial to protecting business networks and data that support critical infrastructure. The more prepared business owners are for these cyber intrusions, the easier detection and recovery become.
Below, industry experts explain how business leaders can leverage essential cybersecurity measures to protect their businesses against cyber threats.
Efficient Cybersecurity Starts With Effective Leadership
Strong cybersecurity relies on strengthening leadership, said Trent Frazier, deputy assistant director of Stakeholder Engagement at Cybersecurity and Infrastructure Security Agency (CISA).
“As leaders, you influence your organization in diverse and far-reaching ways, such as ... what you do to safeguard resilience across your business,” he explained.
Frazier notes that how you interact with your employees will be the foundation of your business’s cybersecurity policies and best practices.
“Start with what you might think is a reasonable set of boundaries or practices,” said Frazier. “...Then use those as a conversation starter with your IT staff … [and] across your workforce to see what kinds of policies might assist in your success.”
Training and Awareness Are Key to Hindering Cyber Threats
The way staff members handle cybersecurity contributes directly to the efficiency of an organization’s cybersecurity measures, said Bradford J. Wilke, senior advisor of Stakeholder Engagement at CISA.
“Cyber vulnerability and threats don't happen in a vacuum,” said Wilke. “It's about making sure you understand [how your staff is] contributing to the operating partnerships in the environment,”
The two ways to ensure staff members are appropriately utilizing cybersecurity measures are through awareness and training. Awareness involves keeping an open dialogue with your employees as you discuss best practices and assess risks and contingency plans. On the other hand, cybersecurity training can also be low-key through ‘lunch and learns’ or local classes.
This “becomes the cornerstone of cyber hygiene,” said Wilke. “You need to enlist that trust and open communication across the staff… for this to really work and be efficient,” he continued.
Data Protection Is Dependent on the Security of Its Surroundings
Data is the powerhouse of an organization. Customer information, analytics, and financial information can make or break a business. To protect this data, you must know exactly how it’s being handled, said Wilke.
“[It’s about] who has access to what data from what point in time and space,” explained Wilke. “And … looking at the protocols that are put in place to protect that data and recover it when needed.”
Wilke states that a fundamental way to protect your business is by backing up data deemed crucial by the business in the event of a cyber attack.
“You need to ask yourself if a certain record was unavailable … how much pain would the organization feel?” he said.
When protecting data, Wilke said to confirm that “the data has some fundamental protection from viruses [and] malicious code [by] making sure those basic blocks and tackling software like antivirus is part of your essential activities.”
Businesses Must Have a Plan for When Cyber Attacks Occur
Wilke warned that cyber and ransomware attacks do occur, so it’s important to have a strong crisis response plan for these instances.
When you’re planning, “you're being honest with the limitations that you have, how quickly you're going to be able to restore and how many resources need to be pulled in to help you affect that kind of recovery,” said Wilke.
He also notes the validity of taking inventory of your contingency plan and course-correcting to determine best practices for the next time an attack occurs.
“[Make] room for improving the defenses that were really weak that led you into that [attack],” said Wilke. “It’s not just about recovering back to normal from backups; it's about learning and improving … that security posture.”