Creating a cybersecurity plan is the first step in starting secure and staying secure. Consider this when planning a budget, getting support from staff, and creating company goals. Here are the five essential Ws for getting started.
Why you should add cybersecurity to your budget
Don’t wait until there is a problem to start thinking about a cybersecurity plan. A company may not account for cybersecurity in its budget. When there is an attack, the costs – both to the bottom line and to your reputation – can be substantial. When creating a budget, consider allowing for investments in strengthening your cybersecurity, whether for outside support, tools and services, or upgrades to hardware. In the long run, it may be less expensive to invest in these preventative measures now than to deal with the fallout of a costly attack later.
When should you start?
There’s no better time than the present. It’s never too late to start, and if you have a cybersecurity plan in place, we advise revisiting it regularly to make improvements.
Who should be involved in building your cybersecurity plan?
There is a misconception that only IT professionals should create, manage, and implement a cybersecurity plan. The reality is that cybersecurity should be on everyone’s to-do list. Getting buy-in from leadership, as well as being transparent with staff, enables cybersecurity to become a priority across the organization. Everyone has a role to play.
What is your level of risk?
No one can prevent every attack or plan for every situation. A company should assess its risk and create a plan that aligns with that risk. Use these questions as a starting point:
- Do we have industry frameworks we need to comply with?
- What are the potential costs of a breach?
- What do we have in place already?
- If there is a breach, what should we do?
- What can be fixed now that offers the best protection?
- Are we measuring against industry standards like the CIS Critical Security Controls and CIS Benchmarks?
Where do you find help?
Starting or updating a cybersecurity plan can be daunting. You not only have to create and implement a plan, but you must also continue to monitor your configurations to avoid them drifting or weakening over time. CIS created CIS SecureSuite, a membership program designed to offer integrated tools and resources that can help improve the cybersecurity of more than 100 technologies.
For example, members can use CIS-CAT Pro tools to monitor and test their configurations against the CIS Benchmarks, which helps prevent configuration drift.
CIS SecureSuite also provides 24x7x365 technical support and member-only webinars to help you start secure and stay secure.