For all companies, a robust cyber security program stems from the top. Management
must be fully engaged in a cyber security initiative and support it 100%. Without executive buy-in, a cyber
security program will not be successful. The C-suite (the CEO, COO, CFO, CISO and CSO) must
become informed and proactive, not reactive, regarding cyber security. A culture of cyber security
awareness, due diligence and responsibility must prevail. The internal IT team, as well as any external
IT professionals used, should be aligned and in direct communication with a cyber security organization,
one which specializes in cyber security and has a team of cyber security professionals who are
experienced and current on the latest cyber threats and effective strategies for defending against them.
Some of these organizations offer mentoring, training and certification programs for their clients’ IT teams
and MSP staff, which should be pursued. Additionally, all employees should be educated regarding their
responsibilities to the cyber security initiative. This includes guiding them with policies relating to effective
cyber security practices such as changing passwords regularly, being aware of what constitutes
suspicious emails, turning off their computers and personal devices at the end of the day, and reminding
them that personal devices used for work must also adhere to sound cyber security practices. By building
a strong relationship with a cyber security firm based on trust, in the same way a company relies on its
accounting and law firms, cyber security will rise to the level of a critical operation.
In addition to cyber security training, key tactical measures that every sound cyber security program
requires are:
Live Penetration Testing – Attempts to penetrate a network from the Internet and external IPs
Vulnerability Detection – A minimum of two scans per year on an internal network
Anti-Key Logging Software – Keystroke encryption software to prevent malware from stealing sensitive data
Identity Theft Protection Services – To mitigate risks and damage
Ongoing Cyber Security Bulletins and Urgent Alerts – To keep executives, IT staff and MSP staff informed on the latest threats and other timely information
Cyber Insurance – Liability insurance as well as cyber extortion insurance
“The Inconvenience of Cyber Security”
Cyber security is inconvenient; no question about it. It is, however, necessary and not something that
should be left up to others. While organizations should avail themselves of the expertise and experience