3 Ways + 4 Measures + 5 Approaches + 5 Myths = 17 Questions – BSW #219

Organizations should have an incident response plan in place to get the compromised networks back and recover from the damage as early as possible. Here are the four immediate steps to follow when dealing with a cyberattack: 1. Contain 2. Report 3. Investigate and Recover 4. Remediate

A guide for CISOs and security leaders to enable a business with Application Security and a shift left approach starts with: 1. Cybersecurity influence on Organizational Culture Change 2. The Product and Application Security Program Checklist 3. Building out AppSec Focus Areas

Chief Information Security Officers (CISOs) are not typically perceived as business enablers. Their core responsibility is to safeguard the company’s sensitive information and operational services, which makes us naturally risk-averse. Business innovation tends to require some level of experimentation, failure, and recalibration. But for the CISO, a single instance of failure can be catastrophic. The good news is that many of the same technologies used to lock down environments can be repurposed to enable innovative new use cases with significant potential for business transformation. Additionally, new capabilities continue to emerge. Let me highlight three possibilities below: 1) Creating secure sandboxes for development teams to innovate freely 2) Using machine learning to dramatically improve application time to market 3) Freeing the value of data

Cybersecurity forces us to stay sharp and is continually challenging us to be better at what we do. The top five cybersecurity approaches you should consider are: 1. Teams/Slack Notifications for Critical Issues 2. Start Learning Incident Response 3. Harden Your Critical Infrastructure

Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking, including: 1. Do you perform regular backups and store them in a secure off-site location? 2. Do you limit remote access to all computer systems by using two-factor authentication? 3. How many PII records are held on your network? 4. Do you provide periodic anti-fraud training to employees? 5. Are processes in place to request changes to bank account details including account numbers, telephone numbers, or contact information? 6. Are you using Office 365? 7. Can users access email through a web application on a non-corporate device? 8. Do you strictly enforce SPF on incoming emails? 9. Are your backups encrypted and kept separate from the network whether offline or with a specialist cloud service? 10. Do you use endpoint protection in the network? What brand? 11. How long does it take to install critical, high severity patches? 12. Do you have a SOC? 13. What steps are you taking to detect and prevent ransomware attacks? 14. Have you implemented a hardened baseline configuration across servers, laptops, desktops, and managed mobile devices? 15. How do you implement local administrator rights? 16. Do you provide users with a password manager software? 17. Are end-of-life or out-of-support hardware and systems segregated from the rest of the network?

Here are three ways companies can show they value their employees through effective communication. 1. Maximize Communication Channels And Techniques 2. Dismantle The Red Tape And Have An Open-Door Policy 3. Give Employees A Seat At The Table

We believe fear has created stumbling blocks for many organizations when it comes to flexibility. Companies either become frozen by fear or they become focused by fear. It is focus that can help companies pivot during challenging times. In the years that we’ve been working with companies on flexibility, we’ve heard countless excuses and myths for why they have not implemented a flex policy. In fact, the Diversity & Flexibility Alliance has boiled these myths down to the fear of losing the 5 C’s: Loss of control Loss of culture Loss of collaboration Loss of contribution Loss of connection