Case-study-background

Blog

Advice and best practices for writing SOPs, training for product launch, outsourcing technical documentation, and more.

Cyber Security Protocols to Reduce Risk in Regulated Industries

Just a day before the announcement of the Equifax breach, the considerations and primary concerns of cyber security were highlighted at the Innovative Solutions Tech Conference – bringing these risks top of mind for companies operating digitally.

Some of the biggest voices in the tech industry gathered in Rochester in early September to discuss best practices for cyber security. Each presenter delivered a deep dive on different impacts of technology, but the growth of cybercrime was a focal point of the conference. Speakers shared staggering cyber security stats, including:

  • 4 billion people will be online by 2020
  • Ransomware costs small businesses $8500 per hour
  • Wannacry alone affected 200,000 computers in 150 countries in 1 day

novatek_cyber-security2Novatek wrapped up the day by presenting on the role of documentation and training in reducing risk and managing a security breach. Attendees left with specific steps they can take now to ensure that their companies are prepared.

Priorities for Managing Cyber Security Risks

The cyber security segment of the conference included insights from Jeremy Schiefer of Innovative Solutions, Mike DePalma of Datto, Inc., Alan Winchester of Harris Beach PLLC, and Novatek's own Linda Kniebel.

Attendees agreed that the risk is substantial and building an IT toolkit to mitigate it requires deep expertise, but so does the process controls for their use. Novatek and other presenters shared best practices to mitigate social engineering risks. Here are the key themes and takeaways:

1. People are your biggest weakness – but you can mitigate human error.
– Jeremy Schiefer, Innovative Solutions

Be proactive about building employee awareness. A simple test with a phishing campaign, such as an email with a product invoice, bank confirmation, or purchase confirmation, can help companies gauge cyber security awareness based on the actions employees take. To improve employee awareness and reduce your company’s risks:

  • Educate – provide ongoing education through emails, posters, and computer-based training
  • Test – send additional phishing attempts to see if the education or  awareness has improved
  • Report – analyze and compare results of the test phishing attempts
  • Mitigate – create policies, processes, and procedures for information security and incident response

2. Have backup solutions – it's better to have them and not need them than to be unprepared.
– Mike DePalma, Datto, Inc.

Developing business continuity plans and disaster recovery plans saves your company in the long run. If you are hit with Ransomware, your company is less vulnerable if you have a backup solution. A business continuity plan empowers the company to focus its attention on implementing the backup solutions rather than paying the ransom. Much like companies recognizing the need for data backup, preventative recovery plans are an important part of readiness.

3. Comply with rules and regulations – they are in place to help reduce risks.

– Alan Winchester, Harris Beach PLLC

Compliance is not one-and-done. Cybercrime evolves, requiring companies to regularly conduct assessments, update policies and controls, inform and train, and test and audit. These actions are the foundation of cyber security protection and risk mitigation. Companies should create policies and procedures that align with the company’s risks and risk assessment and meaningful controls that can be measured.

4. Protect your biggest asset – people.
– Linda Kniebel, Novatek Communications, Inc.

Monitoring company vulnerabilities and addressing concerns with updated training and documentation can help companies protect against employee mistakes, ensure efficient response to an incident, and protect the company reputation with effective and timely incident resolution. Cyber security can be overwhelming, and many companies don’t know where to start. Novatek has identified key first steps to building a cyber security protection plan:

  • Assess current gaps and areas of risk – vulnerability assessment, policy and procedure review, compliance gap analysis
  • Planning and development
  • Training

To better protect your company against a cyber attack, learn about Novatek's Risk Mitigation Plan or the customized planning session that combines the expertise of our team and and your IT team.

Risk Mitigation Plan

Learn More

Topics: trends, cyber security

 EU MDR