How to establish a cybersecurity baseline, and why you should

A cybersecurity baseline is the minimum protection needed to mitigate cybersecurity threats. These controls also help organizations maintain and achieve compliance and meet state regulations, such as the Safe Harbor law in Ohio, helping them meet cybersecurity insurance standards and insulating them from the very real consequences of a breach.

“Breaches lead to operational disruptions and the loss of meaningful revenue and reputation,” says Eric Thal, Managed IT and Cybersecurity Sales Manager at Blue Technologies, Inc. “Organizations struck by a breach could be down for an extended period of time, potentially exposing their customers’ and employees’ identity, financial and health care information. The integrity of financial transactions can also be compromised.”

Smart Business spoke with Thal about the importance of a cybersecurity baseline and how to establish one.

What is a cybersecurity baseline?

A baseline cybersecurity posture is basic blocking and tackling controls — key elements that, when implemented, put an organization in compliance with regulations and help them meet cybersecurity insurance standards. Among those baseline elements are strong passwords and multifactor authentication methodology to access the corporate network, regularly updating software on all systems, having a proper data backup strategy, and providing ongoing awareness and education that’s documented and regularly tested.

Ohio’s Safe Harbor law compels organizations to adhere to one of the well-established cybersecurity frameworks, such as those set forth by the National Institute of Standards and Technology (NIST). At a minimum, organizations need to show that they are trying to follow such guidelines to be non-liable in the event of a breach.

How is a cybersecurity baseline established?

To determine if an organization’s cybersecurity measures are sufficient, a risk assessment is conducted to understand how the organization utilizes technology, how its most critical data is being handled, and who can access it, when and why. Data is then classified and protected based on the controls outlined by NIST.

Because email continues to be one of the greatest sources of breaches, tools are put in place that will redirect the email to a filter that utilizes AI to identify known and unknown vulnerabilities.

Regular security awareness training should also be conducted. That can be done through software via platform-based training at least once annually, if not quarterly, depending on the industry and the sensitivity of the data handled in their role.

Endpoint detection and response is also critical. It provides next-generation defense capabilities and allows IT to gather forensic information necessary to determine the cause of the breach, which is important from an insurance and liability perspective, as well as a training and development perspective so mistakes aren’t repeated.

Organizations should designate a security team that meets regularly — at a minimum once a quarter, if not monthly or weekly — to talk about the risks in the environment and compliance requirements. It’s a risk-based management approach to reduce the likelihood and impact of an event, ensuring the organization maintains a legally defensible position.

Who can help companies ensure they’re protected?

Look to work with a service provider with a deep bench of cybersecurity and IT experts, and one that bases its approach on industry best practices and the most well-established frameworks. IT is a broad field with multiple domains and it’s impossible for one person to be an expert at all of them. By working with a managed services provider (MSP) that has multiple resources within each of those domains, organizations get access to a team of professionals. Look for a custom approach, and MSPs that are flexible and can work in a co-managed environment where the services provider sits side by side with a company’s IT to augment areas of expertise.

Cybersecurity requires regular assessments of the environment, identifying the top risks, patching those and then retesting to confirm those issues have been resolved. It’s an ongoing, iterative process as bad actors are constantly working to discover new ways to breach organizations. 

INSIGHTS Technology is brought to you by Blue Technologies, Inc.

Eric Thal

Managed IT & Cybersecurity Manager