For business leaders committed to reducing cyber risks within their organization, being fully informed about your IT infrastructure and cyber security controls is a great starting point. Given the complexity and broad scope of activities impacting your cyber risk posture, breaking things down into digestible chunks can be helpful. This post will start at a high level and basic hygiene activity – is your front door open or closed?
Think of your IT network as a house with many of your most valued assets within the rooms, closets, cabinets, nooks, and crannies. It is important to keep bad actors away from your most prized possessions. Entry into the house most likely, but not always, occurs by coming in through the front door. The most basic approach to prevent unwanted visitors through the front door is to make sure the door is closed – makes sense, right?
So now let’s parallel this with your IT Network. Your front door is your ‘edge device’ – or your firewall. You may have multiple edge devices as you may have multiple ingress/egress points within your environment connecting your organization to the Internet and external business partners. Each firewall represents a ‘front door’ to your IT network. In order to shut that front door, you need to properly inspect, manage, maintain, document, and monitor that firewall. This means it is someone’s explicit responsibility to:
- routinely conduct activities as best practices to secure those devices and make sure and maintain current firmware/upgrades
- review documentation and configuration in order to identify irregularities
- establish 24/7 monitoring of the status of those devices
- pressure test those devices for vulnerabilities and threats
- understand where gaps and weaknesses exist that might allow for bad actors to gain access
- inform leadership about the criticality and stability of these crucial devices
IT Managed Service Providers such as Mandry Technology can provide cost effective options for outsourcing such activities which would lessen the pressure on the organization to find and retain talent with these skills, knowledge, and experience. Also, Equipment manufacturers such as Cisco and Meraki offer many configurable devices to help supplement your resources to accomplish these goals.
Shut the front door! This is no small task and should have leadership buy-in as a priority – just as making sure you as a homeowner take steps to assure your front door is shut! This is just one of the many crucial activities that should be prioritized by business leaders as it relates to effectively managing cyber risk for the organization – remember, there is no silver bullet theory here to address all your risk and help you sleep better at night. Effective cyber risk management is accomplished by an ongoing series of processes and activities, not a one-time or once-a-year project.
#cybersecurity #cyberriskmanagement #cyberrisk #firewall #firewallmanagement #itnetwork #networksecurity #msp #cisco #ciscomeraki #meraki