1. Know what you need to protect

An IT security fundamental: Know what you need to protect. However, you can’t protect what you can’t manage. Consider the following questions:

  • What are your most valuable information assets?
  • Where are they?
  • Who has access to them and why?
  • When are they being accessed?

Factual answers to these questions can help to establish an understanding of the critical pieces in your infrastructure that need attention. They will also provide insight into what normal activity looks like, which will better enable you to recognize abnormal patterns of behavior. This in-depth evaluation requires collaboration between IT, security, and the business. We’ve done this and can help with answering these questions.

2. Evaluate your security posture

Regular independent network assessments are an important part of effective cybersecurity. They can be invaluable, but only if their results are weighed in the context of the business and existing security infrastructure. By analyzing assessment output with business risk in mind and applying that knowledge to the development of a sound security strategy, Business & IT executives can help their organizations make the most of their security budget and strengthen their overall security and compliance posture.  We’ve done this and can help with performing this analysis.

3. Implement an Anti-Virus, Endpoint Protection Solution

Because you must conduct financial transactions from your business network with your banking organization, you are susceptible to one of the fastest-growing and most pernicious cyber threats: Banking Trojan Botnets. "Nearly 40,000 successful data breaches in financial and insurance companies are attributed to this threat. That’s more than 27,000% greater than the remaining 146 confirmed data breaches in this vertical." We have implemented and regularly monitor these controls successfully and can assist with addressing this risk.

4. Ensure Backups are Secured & Support the Business

Besides being good operational practice, secure backups could, in the event of a ransomware attack, be the difference between recovery and a loss of $1 Million, significant system downtime, and lost respectability amongst your investors/customers. Identifying critical systems, establishing controlled backups and securing the repository are the premiums your business pays to protect against such a likely attack. We have implemented and tested these controls and can help your team with this.

5. Fortify your Email System/Process

Phishing is one of the primary tactics used by cyber-attackers to gain a foothold in your network. Properly configuring your email and deploying filtering solutions can reduce your infection rate to below 1% and substantially increase your IT/Business productivity (due to the reduction in time spent addressing infected machines). We have seen excellent results from our team’s efforts to analyze and remediate this problem.

6. Train Your People on Security

Last, but by no means least: train your employees to identify digital risks. The “Human Element” is the most exploited weakness in any breach. Properly educated and informed employees will balance the goals and risks associated with a given business effort or initiative. Classic question: “What happens if we train our employees and they leave?” A bigger concern should be the question: “What happens if you don’t and they stay?” Then you’re at greater risk for a Cyber Incident. We have a track record of measuring and improving our associates’ security knowledge over time, which has led to substantial reductions in incidents and system downtime.

FirsTech will help you! Our IT Security professional can do a quality assessment of where you are, recommend where your focus needs to be, and prioritize your concerns. Don’t let someone vandalize or steal what you have built; let FirsTech help you secure it now and into the future.

About the author

As Chief Information Security Officer for Busey Bank, Bob has leveraged his 15+ years of deep cyber security and resiliency experience to deliver sustainable end-to-end enterprise risk and security solutions and services to Fortune 100 & 500 businesses. His seasoned background includes building and recovering enterprise risk and security programs. This has enabled Bob to forge long-term relationships with senior and executive management in order to build consensus on optimized security solutions as an investment strategy for key stakeholders and boards of directors.