Andrew Tyler participates in cybersecurity virtual forum
Senior consulting engineer Andrew Tyler was a panelist for a recent cybersecurity virtual forum presented by the Hartford Business Journal. The theme of the forum was how the pandemic has forced a change in the way many businesses approach cybersecurity in this new work-from-home world.Shena Seneca Tharnish of ComcastBusiness Services, the presenting sponsor, was the moderator and was joined by Tyler, Tim Weber of ADNET Technologies, Patricia Fisher of JANUS Associates, Mark Torello of Whittlesey Technology, and Donald Bardinelli of Whelen Engineering.
One common cybersecurity practice these days is to phish your own employees to test them and make sure they're learning and understanding the training they've received. Andrew said that the most important thing is to keep cybersecurity best practices top of mind.
A lot of people have been doing training for years, but usually once a year they'll do a cybersecurity training. You have to maintain that training as top of mind. You have to go through a few minutes every month just to keep it in their heads so that security is always in their minds when they're working.
Andrew also discussed business continuity and incidence response planning and how it has to be an integral part of your business.
If you're not building security on top of your IT stack right now, then you're already behind the curve. And you're in some sort of trouble from a risk assessment standpoint. It has to be a core part of your business.
Some businesses, Andrew said, are over reliant on cyber liability insurance.
Your liability insurance will cover you, potentially, but preparation is still far better than relying on falling back on somebody else to take care of you after the fact. It's basic business planning.
When asked what a company's cybersecurity budget should be, Andrew said it comes down to the particulars of the business.
You have to know what your crown jewels are. You have to know what the critical elements of your business are. What drives your business? What makes you profitable? What keeps you up at night? If you haven't done that work, you don't know where your risks are. You don't know what you have to protect.
One final question was asked of each of the panelists: If you were to do any one thing right now to make your organization secure, what would it be? Andrew focused on DNS-based protection.
One of the things that I consider an absolutely essential part of any business environment, is to protect your DNS requirements. I use OpenDNS, which is now called Cisco Umbrella. I've found that that product does so much for you for a very low price point.