Organization leader: here are the 6 actions you need to take in cybersecurity
As a company executive, you see so many hacking cases in the media that you wonder what you can do to protect your organization from being hacked.
Here are the 6 actions you need to take in cybersecurity:
1- Take leadership on your cybersecurity
Whether you're a small business or a large organization, as a director, you'll be on the front lines if a major incident impacts your organization.
It is therefore important to take the lead and ensure that your organization is well secured. Organizing a meeting with your IT or cybersecurity manager to discuss your cybersecurity is essential.
2- Ask your IT or cybersecurity manager to present your cybersecurity risks
You absolutely must have a clear picture of the top cybersecurity risks that can impact your organization. There are cyber risks that are obvious like ransomware and phishing and others that are related to your industry. For example:
- If you are active in R&D, a hacker might be interested in stealing your intellectual property. They could rely on ransomware or industrial espionage.
- If you are a manufacturer, a malicious person could be interested in stopping your production lines, either to harm you or to demand a ransom.
For each of the identified risks, your IT or cybersecurity manager must indicate the impact on your organization (e.g. a production line shutdown for 72 hours, the theft of 100,000 credit card records, etc.). Ideally, the risks should be quantified to facilitate detection. For example, a production line shutdown for 72 hours due to ransomware could cost an organization $300,000.
Important: ask your IT or cybersecurity manager if he/she has the expertise to do this cyber risk analysis. If not, it's important to get help from an outside cybersecurity firm.
If you don't have an internal IT team, get an outside firm to do a risk assessment for you.
3- Ask for confirmation of the existence of measures to mitigate your main cyber risks
Ask your IT or cybersecurity manager to confirm whether measures are in place to mitigate your top cyber risks. You'll discover (often to your amazement) your actual level of exposure. You may be reassured or shocked, but the sooner you know, the better.
It is important to know that there are several ways to deal with a risk:
- Accept it: you decide to live with the risk and assume the consequences in case of a hack.
- Transfer the risk: take out cybersecurity insurance to cover a given risk (e.g. ransomware cases).
- Eliminate or minimize the risk by implementing mitigation measures.
Importantly, you should never accept risks related to legal (e.g. Act 25 on the protection of personal information in Quebec), regulatory or contractual obligations. You are directly responsible for them, and you could personally face legal consequences if an incident occurs and it turns out that you were negligent.
4- Evaluate the level of cybersecurity expertise of your IT team
Many senior executives assume that their IT staff is specialized in cybersecurity because they know how to install antivirus software or a firewall. This is a big mistake.
You need to have a frank and honest discussion with your IT or cybersecurity manager about internal cybersecurity expertise. IT managers are only waiting to be asked. They will be happy to tell you exactly what the situation is, if you ask.
If you have any doubts about whether in-house cybersecurity expertise exists, you need to take action:
- Train your IT staff in cybersecurity
- Hire a full-time or part-time cybersecurity specialist
- Collaborate with a cybersecurity firm that can support you by acting as an extension of your internal IT team
5- Confirm that you have an incident response plan
Consider that at some point you will experience a cyber attack. In many incidents, the impacts increase simply because the response teams are poorly trained or poorly prepared, leading to trial and error or bad decisions. The incident is mishandled and the impacts explode. Ask your IT or cybersecurity manager if the organization has a robust and regularly tested incident response plan. If the answer is no, it's because your IT team doesn't have the expertise. In this case, you should engage a cybersecurity firm to help you define your incident response plan.
Personally ensure that the incident response plan is tested at least once a year.
6- Confirm the existence of a cybersecurity action plan
Check with your IT or cybersecurity manager to see if you have a cybersecurity action plan. The plan should clearly outline, at a minimum, the actions you plan to take over the next 24 months to protect yourself from cyberattacks.
If you don't have an action plan, it is likely that your IT team does not have the required expertise. In this case, we strongly suggest that you get help from an external cybersecurity firm.
How can Streamscan help you?
Streamscan's expertise covers the development of cyber threat detection technologies, remote security monitoring of organizations, response to cyber attacks, and more.
We also continuously assist organizations in improving their cybersecurity level to keep pace with evolving cyberattacks (risk analysis, cybersecurity diagnosis, incident response plan, etc.).
We can help you better understand the cybersecurity issues and challenges that can impact your organization. Talk to one of our experts.