Cybersecurity has a lot of evolving variables, making it tough to know exactly what you should be doing to ensure your organization is well-equipped against cyber-attacks. We’re here to help. There are certain things you should be prioritizing to best serve your organization.

5 priorities for you

To help guide your initial cybersecurity strategy, here are a few steps you should take.

1. Identify all sensitive and valuable information- You cannot effectively protect your organization if you don’t know what information you’re aiming to keep secure. What data is most valuable to your organization? This should be your number one priority! This might include personally identifiable information (PII) and credit card data, and could extend to things like manufacturing data or intellectual property.
   • Put yourself in the criminal’s shoes- What data would you want to steal? What holds the most value?
2. Prioritize initiatives based on data sensitivity. Rank your data from most sensitive to least sensitive. You may have limited resources, meaning you likely won’t be able to pay equal attention to every piece of data.
   • What kind of things are most important? Your most sensitive data is the data that would have the worst impact on your organization if it was stolen.
3. Make sure senior leadership is on Board with your cyber plan. The success of your cybersecurity efforts depends on companywide adoption of the policies and initiatives you put in place. Aligning your program with senior leadership’s goals can go a long way. You want to be sure your program is impactful in the long term, so attracting that “buy in” from leadership is crucial.
   • How should you go about building this rapport? Put together some information before you go to senior executives and the Board. Include information on what your competitors are including in their programs, how much of a budget will be needed to support the initiative(s), who will need to be involved, how you will measure progress, etc.
4. Conduct a Cyber Risk Assessment – A Cyber Risk Assessment will assist you in quantifying the items above and assist in the allocation of resources to protect the most sensitive data. Part of a Cyber Risk Assessment includes an assessment of your network environment. Check out our recent blog, . A network assessment will help you review your existing structure and comprehensively assess the productivity of your performance, management, security and processes. This will help you decide which security policies, control and products will best serve your business’ needs.
   • How often do you have to perform a network assessment? We advise our clients to have a third party network assessment, including vulnerability and penetration testing, at least annually and when a significant change to your infrastructure occurs. For example, are you planning to shift your network structure to the cloud? Before a large roll-out, it is best to make sure you understand exactly where you need to make improvements. This is where the network assessment helps.
5. Implement effective security awareness training for all employees. As we’ve expressed before, people are the weakest link in any organization’s cybersecurity efforts. You’ll want to prioritize awareness training as soon as you roll out your cyber plan.
   • Repetition is key- Emphasize often how critical data security is to your company’s overall success and continually stress the responsibility of each employee to protect company data. All employees should be trained to recognize a suspicious email or other data threat and know the proper reporting procedure for such a discovery.

As your cybersecurity program develops, your priorities may shift. Use the steps above as a guide to help you create a flexible cyber strategy that can adapt and protect your organization as the threat landscape continues to evolve.

Questions? Contact any member of our Information Security Services Team.