The worlds of cybercrime and cybersecurity are ever-evolving, and new concepts keep developing. A relatively new term in the cyber family is ‘security posture.’ So what is it?
The term ‘cybersecurity posture’ refers to an organization’s overall cybersecurity strength as it relates to the internet and its vulnerability to any outside threat.
So why is this a big deal? Well, “nearly 70 percent of board members from the largest U.K. firms reportedly have received no training to deal with cyber incidents, and 10 percent do not have a cyber-response plan according to a report from the U.K. National Cyber Security Centre (NCSC).”
You might be thinking, “That’s the U.K.; I live in the U.S.” If so, you might be surprised to hear those “numbers are noticeably poor even in comparison to the U.S. Healthcare system, where less than half of IT professionals feel confident in their organization’s overall level of cybersecurity.”
To help organizations start the cybersecurity posture conversation, the NCSC created five questions designed to help an organization better understand its risks and the areas where it needs to improve.
How are we stopping phishing attempts?
· You must be able to answer that you are filtering and blocking all incoming phishing emails
· All external emails are marked as external
· Be sure you are catching any spoofed emails
· Educate staff on what to look out for
· Use a proxy server to limit a phishing attack
How are privileged accounts handled?
This applies to the individuals who have access to everything on the network.
· Email and internet should not be accessed from these accounts
· All accounts should be closed when an employee has left the organization
How are software patches applied?
· Make sure these patches are applied routinely
· You must be able to identify, triage and fix flaws in a timely manner
· Run routine audits to ensure your set procedures are followed
Are our third-party vendors secure?
· Healthcare data is shared between different organizations; be sure that these businesses have policies in place
· Build security into the contract with any vendor
· Limit the services exposed and data exchanged
How do we control access?
· A strong password is a start
· Have staff set up two-factor authentication when possible
Regardless of which industry your organization operates in, knowing your cybersecurity posture is crucial to building a long-term cybersecurity strategy.
Creating a cybersecurity roadmap for your organization will help strengthen your cybersecurity infrastructure over time.
Extract is always in favor of our clients and prospects having excellent cybersecurity. When we process files to extract discrete data values, route documents, and automate workflows, we leave all of those files behind our clients’ firewall, avoiding extra layers of data exchange and potential data loss. If you’d like to learn more about how we protect documents in transit and at rest as we quickly route important data, please reach out to us today.
About the Author: Taylor Genter
Taylor is the Marketing Specialist at Extract with experience in data analytics, graphic design, and both digital and social media marketing. She earned her Bachelor of Business Administration degree in Marketing at the University of Wisconsin-Whitewater. Taylor enjoys analyzing people’s behaviors and attitudes to find out what motivates them, and then curating better ways to communicate with them.