Former American football coach Tony Dungy was propelled into success when he led the Colts into a Super Bowl-winning season, the first the franchise had seen in over three decades. He achieved the seemingly impossible by focusing on a simple philosophy. He believed that champions don’t do extraordinary things. They do ordinary things, but they just do them without thinking. They get the fundamentals right, and they execute them correctly every time. This philosophy applies not only to sports but to cybersecurity and other IT fields too.
In today’s cyber landscape, credit unions need to have the right tools in place and do the fundamentals well. There are always more extensive and more advanced cybersecurity tools, but before you invest in those, make sure you’ve got the basics covered. Much like in sports, while it can be fun to run trick plays, the teams that win are the ones that perfect the fundamentals.
What Are the Cybersecurity Fundamentals?
Cybersecurity Starts at the Top
Board members and executives must buy in to and support cybersecurity initiatives across the organization. C-suite executives must be engaged in cybersecurity and understand the importance of developing information security (InfoSec) policy and investing in the right tools and services. A vital element of this is communication and continued engagement.
A common roadblock in starting cybersecurity projects is proving their value. If cybersecurity is done well, then it looks like you’ve done nothing at all. This is why it’s essential to keep executives engaged so they can see the value of continued cybersecurity initiatives. You can show statistics of attacks countered or prevented, or highlight the importance of acting now. It’s predicted that by 2021, 100% of the Fortune 500 companies will have a chief information security officer (CISO) position available. Still, many will struggle to fill this role due to a skills gap.
Design and Architecture
Design lives at the core of security. How well your systems are designed, where your data is stored, and how you access it all impact security. Ensuring your systems are built with cybersecurity in mind is crucial. This also applies to looking at your current systems and reviewing their architecture, as well as evaluating any cloud or SaaS architecture that your company uses.
Maintain and Update
All equipment in your network, including vendor equipment, needs to be kept patched and up to date. It’s estimated that unpatched vulnerabilities cause one in three breaches. Please don’t make it easy for cybercriminals.
Protect and Monitor
All networks should use basic tools that help protect your systems. These tools include things like endpoint protection, firewalls, IPS, SIEM, and more.
Once you’ve designed a new network with cybersecurity at its core, you can’t rest easy. Now you need to monitor the network 24/7, continually scouting for suspicious activity.
Incident Response and Recovery
If you focus on the fundamentals, you end up with a robust cybersecurity strategy, and you should see a reduction in incidents because of this. However, no protection is 100% foolproof. This is why testing and simulating your response is crucial. Plan and practice, and then do it some more.
With executive sponsors, regulators, and more attention on cyber than ever before, reporting is vital. Be prepared to communicate effectively to all relevant stakeholders and parties.