Data Is the New Currency; Are You Ready for Cybersecurity Awareness Month?

Share Button

Data is the new currency.

Information or data is the crown jewel for many organizations. While breaches at big corporations such as Target, Sony, and Home Depot make the headlines, small and mid-size businesses are still prime targets for hackers. These businesses are especially vulnerable as they don’t have many of the security measures found in large companies. They have to worry about perpetrators breaching their network through network devices or back doors, as well as employees knowingly or unknowingly handing out information to the attackers. The risks associated with security incidents can be damaging and can include financial, reputational, and operational setbacks. Small and mid-size organizations are increasingly embracing the need for a sound cybersecurity strategy that sets a foundation to combat cyber risks and recover from security incidents in an efficient manner.

At Aronson, we offer unique insight into developing a multi-year cybersecurity strategy. The multi-tiered foundational block approach coupled with governance and culture provides a roadmap that offers the most bang for the buck. We help clients customize their cybersecurity program based on industry type, business needs, regulatory requirements, and specific business and cyber risks. Small steps can go a long way and ultimately help to mature a cybersecurity program. Our 11-point cybersecurity strategic plan is as follows:

  1. Understand your risks and threats landscape.
  2. Assess, classify, and build extra protection around critical data.
  3. Update policies, processes, and procedures to address point-in-time and forward-looking risks and embed cybersecurity culture.
  4. Assess your cyber insurance coverage.
  5. Conduct penetration tests and vulnerability scans (internal and external) on a reasonable frequency. Remediate highest risk areas.
  6. Get up-to-date on patches and subscribe to security advisory mailing lists.
  7. Set up an Insider Threat program, even bare bones will do as a starting place.
  8. Conduct security awareness and training on a regular frequency (once a quarter).
  9. Manage vendor security through policies and processes.
  10. Have contingency and incident response plans in place that include law enforcement, forensics (digital, human, and physical), client, investor, legal, media, and PR responses.
  11. Implement technologies that complement your processes.

Not doing anything at all is not an option these days. If you’re interested in protecting your organization and its data, give your cybersecurity program the thorough attention it deserves. Let’s start a discussion. For more information, please contact Payal Vadhani, MBA, IT-CMF, at Pvadhani@aronsonllc.com.

About Payal Vadhani

Payal Vadhani has written 2 post in this blog.

Payal Vadhani is the partner-in-charge of Aronson LLC’s Technology Risk Services Group. She is an innovative and seasoned executive with more than fifteen years of technology risk advisory and assurance experience. Her experience has been providing internal auditing, IT risk management, information and cyber security, third party reporting, compliance, process improvement, and additional technology risk services to clients across industries. In particular, she has extensive financial services experience. Throughout her career, she has sought to align clients’ needs and strategic objectives with an approach that manages the risks of technology with the benefits. As a trusted advisor to her clients, Payal succeeds in breaking down complex technology concepts and developing pragmatic, cost-effective solutions that minimize risk and add value. She offers significant experience building technology risk management programs and managing large advisory engagements. In her current role, she is focusing on the development of risk services related to existing and emerging technologies including cloud (private and public) computing, mobile computing, big data, social media, and internet of things. Payal earned a Master’s of Business Administration degree in Information Technology from American University. She received her Bachelor’s in Engineering degree in Computer Science from the University of Pune, one of the premier universities in India. She holds credentials in IT Capability Maturity Framework (IT-CMF) and Certified Information Systems Auditor (CISA).

View Archives

Blog Authors

Latest Webinar Videos