16 October 2020

Developing a Cybersecurity Plan: Step 1 of 5

An international campaign known as Cybersecurity Awareness Month is held every October to help individuals and businesses be more secure online. We’ll be sharing information and tips all month long in an effort to help small business owners protect themselves, their businesses, and devices!

The NIST Framework

One way small businesses can get started is by implementing the National Institute of Standards and Technology (NIST) Framework. This framework was created through collaboration between the US government and tech industry. It gives small business owners the ability to come up with a cybersecurity plan tailored to their specific needs.

The NIST Framework consists of 5 functions:

  1. Identify and understand your business assets
  2. Protect those assets
  3. Detect any cyber threats
  4. Respond quickly to threats and minimize impact
  5. Recover from any breaches

Step 1: Identify Your High Value Assets

In order to #GetCyberSafe, you must Identify any assets such as data, information and systems that are critical in operating your business. As a result, these assets are of high value to cyber attackers.

Often, cybersecurity breaches occur from devices or users on a business network that were not approved to be on a network.  This can happen with old computers not used anymore, personal cell phones on a network, or new devices brought onto a network without IT’s awareness.  If devices aren’t adhering to the company’s security standard, they become the weak link in the security perimeter.  Therefore, identification of all tech assets is a critical first step with cybersecurity.

You can begin by taking these quick actions:

  • Identify the risk if any data were to get lost or compromised
  • Create and keep an up-to-date inventory list of data and physical devices. Note down all of the information such as manufacturer, make, model, serial number, and any support information for hardware and software. For software, keep a record of the specific versions that are currently installed and running
  • Use an Remote Monitoring and Management (RMM) or Mobile Device Management (MDM) application to track these assets in real time
  • Know where all of your data and technology are stored as well as who on your team has access to it
  • Note down critical processes to keep data safe as well as personnel responsible
  • Pinpoint all devices that are connected to your wireless by changing the wireless password for your corporate account. This will force any new devices to request the new wireless password from your IT team or management
  • Ensure you have a guest wireless account for any guest or staff personal devices that is separate from the corporate network

Next week we’ll take a look at how to Protect these assets and Detect potential cyber-attacks.

In the meantime, get in touch with our team and learn whether your business is cyber secure!

About Red Rhino

Red Rhino provides Managed IT Services, Support and Consulting to businesses in Vancouver and the Fraser Valley including Abbotsford, Langley, Surrey, Burnaby, Richmond, Coquitlam, Delta, and White Rock.