Do you have a clear understanding of your organization’s cybersecurity policies?
Do you know where your organization’s vulnerabilities are, and what the cost would be if those weaknesses were exposed?
If your organization has not invested in backups and redundant systems, have those choices been made from a deliberate acceptance of risk?
Given the increased frequency of scams and online crimes, ignoring cybersecurity is not an option. Disruption to your digital systems can have immediate and consequential effects.
Approach
The first step in increasing organizational security is to establish a baseline understanding of your organization’s workflow and existing policies. Think about and document how your organization would manage a cybersecurity event under current circumstances: How long would your downtime be? How would that impact your ability to serve your clients? What would be the real cost of recovery?
Highlight the questions you can’t answer, and circle your areas of concern. Compare that baseline with industry-standard best practices and, through consultation with a security professional, make educated decisions about what your organization’s cybersecurity should look like. Then take the steps necessary to bridge the gap between your current and target cybersecurity profiles.
Macktez Cybersecurity Assessment
Our Cybersecurity Assessment is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework v2.0. It begins as a self-guided questionnaire that can be filled out by anyone at your organization who has knowledge of current policies and security standards.
There are five main sections of this questionnaire.
- Govern — What are your organization’s policies, strategy, and expectations around cybersecurity?
- Identify — What cybersecurity systems, workflows, and roles are defined at your organization?
- Protect — How are systems and information protected from loss or theft?
- Detect — What tools and systems are in place to detect a cybersecurity incident?
- Respond — What plans and tools are in place to stop a cybersecurity incident?
- Recover — What plans and tools are in place to recover from a cybersecurity incident?
Macktez will work with you to complete the assessment, then prepare a report on your organization’s current cybersecurity profile along with recommendations for steps to take to reach your target profile.
Results
There are some obvious recommendations we will always make to clients (like multi-factor authentication), but every organization’s budget, workflow, public exposure, and risk tolerance is different, and the results of their cybersecurity assessment will be tailored to their specific needs. The most important thing is that your organization develops a holistic understanding of existing risks and vulnerabilities and makes informed decisions about how to protect valuable data.