Editor’s note: The opinions expressed in this commentary are the author’s alone. Angela Redmond is director of attest services at Barr Advisory, which has offices in Kansas City. Barr Advisory, a cloud-based security and compliance solutions provider, specializing in cybersecurity, is a financial partner of Startland News.
Cybersecurity is an ever-changing field. Hackers and cybercriminals are getting smarter and constantly changing their approach, which is why it’s important to stay aware of the latest trends and breaches. Cybersecurity isn’t just an exercise you can check the box on and forget about—it requires continuous improvement and consistent alignment throughout an organization.
So how can you be sure you’re gaining traction in your cybersecurity efforts?
Oftentimes the idea of cybersecurity can be overwhelming, particularly for smaller businesses that aren’t sure where to start. Small steps like staying up-to-date with industry blogs and webinars, attending trainings, and communicating common themes you’ve noticed across your organization are excellent ways to begin gaining traction in your cybersecurity efforts and achieving continuous improvement. Once security is ingrained across the organization, then you can begin to think about cybersecurity certifications or aiming for a SOC 2 report. It can be helpful to have someone, or a group of people, that are designated as security leaders within the organization to keep everyone on track.
Let’s learn more about how to gain traction with your organization’s alignment, processes, and people:
Gaining traction with alignment
Organizational alignment on a cybersecurity vision with short and long-term goals is crucial. Once you’ve established your cybersecurity vision, it’s important to measure and track how your organization is gaining traction towards its goals.
If you’ve already performed a risk assessment, establish a regular cadence of meetings to make sure everyone from leadership down is on the same page with cybersecurity initiatives. Use the risk assessment as the leading point for the agenda for these meetings—after you’ve identified security-related risks, you can create action items to remediate those risks. A key part of these regular meetings is to follow up on action items and provide status updates to key stakeholders. These meetings can also provide an opportunity to discuss any issues or potential issues. Depending on your organization, these meetings can be held quarterly or even monthly.
Regular security-focused meetings can also be used to keep everyone up-to-date on the latest cybersecurity trends or breaches. One strategy is to use security meetings as a book club—everyone reads a book, article, blog, or listens to a podcast prior to the meeting about a relevant cyber trend. Part of the meeting can be dedicated to discussing what they learned and how it may affect their organization.
If your organization is working toward any certifications or reports, these meetings are a good time to have regular internal updates on the progress.
Gaining traction with cybersecurity processes
The most important thing organizations can do to gain traction on their cybersecurity processes is to prioritize security from the very beginning. Whether it’s a new process or a new product, it’s much easier to implement security measures early on instead of going back later.
Having an automation-first mindset can also help you to continuously improve your processes. Ideas can naturally flow when you determine what manual activities can be automated so that you can focus more fully on the real prize: security.
It’s also important to stay on top of ongoing trends with industry certifications. There are always new certifications or refreshes to existing ones. Instead of just working towards a SOC 2 and stopping there, continue looking for ways to improve your security by researching and identifying the framework that works best for your organization.
Gaining traction with people
Most organizations have an annual security awareness training, which is important, but it’s just as important to think about your people from an ongoing perspective. It’s easy for the security mindset to go stale if employees only need to think about security once a year. Regular, company-wide communication about security efforts or book clubs across different departments are helpful for keeping cybersecurity top of mind.
When you hone in on the importance of cybersecurity and employees buy into it, they’re more likely to naturally think about baking cybersecurity into their processes instead of waiting to be told to do so. Too often, company culture makes employees worried they’ll “get in trouble” for failing a phishing test or security training. When organizations prioritize security and the role everyone plays in the organization’s cybersecurity objectives, it can help employees get on board. Building a cybersecurity culture helps with ongoing, continuous improvement when it comes to your organization’s employees.
Measuring your traction
Cybersecurity efforts need to be continuously measured. It’s not enough to simply set your goals—progress needs to be tracked in order to continue guiding your organization in the right direction. A cybersecurity scorecard is an extremely valuable tool for measuring your organization’s traction towards the cybersecurity vision. A scorecard is an evaluation tool that provides a quantified measurable against a predetermined key performance indicator (KPI). You can learn more about how to set cybersecurity KPIs and implement a cybersecurity scorecard with BARR Advisory’s How To Use Cybersecurity KPIs whitepaper.
When the mindset of continuous improvement is part of the cybersecurity vision and culture, it gives your organization the opportunity to grow, become more agile, and achieve cyber resilience.
BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.
Interested in learning more about gaining traction in your cybersecurity efforts? Contact Barr Advisory today.