Which processes are crucial for improving cybersecurity resilience?
Some processes have a bigger impact on resilience than others. The list below is based on best practices for U.S. small and midsize businesses (SMBs) and highlights the processes that most strongly influence security. If these processes are missing or poorly managed, they often become the source of common risks that put your information and data at risk.
Strengthening these internal processes is essential to improving cybersecurity resilience. Here are key areas to focus on:
1. HR Management Processes
Job Applicant and New Hire Screening Processes
- Screen job applicants and new hires to reduce insider threat risk
Employee Onboarding Processes
- Ensure new hires receive security orientation and understand company security policies and procedures
- Access assignment by role: assign permissions based on job role and responsibilities as part of the standard onboarding process
- Include data protection, intellectual property (IP), and, where appropriate, non-compete and confidentiality clauses in employment agreements
Employee Offboarding Processes
- Follow strict offboarding procedures to promptly revoke access to all systems and data to prevent unauthorized access
Access Management Processes
- Ensure employees have access to information and software based on their job role, authority, and need-to-know
- Access management: regularly review and update user access rights so employees only have access needed for their current roles
- Update access for sensitive and critical systems and data when job roles change
Employee Training and Awareness Processes
- Provide regular security awareness training to keep employees informed about current threats and best practices
- Promote a security-first culture where employees share responsibility for protecting company data
2. IT Management Processes
IT Staff Training and Awareness Processes
- Run regular drills so IT staff are familiar with standard operating procedures
- Ensure IT staff have the required certifications and ongoing training
Data Backup and Recovery Processes
- Updates
- Data Backup and Recovery: Schedule regular backups and store them securely on offsite or cloud locations.
- Perform routine backups of critical business data
IT maintenance processes
- Maintain an operational maintenance log for each IT asset - both hardware and software
- Keep current documentation of your IT environment
- Manage changes to your IT environment and assess their impact
Update and Patch Management Processes
- Regularly update operating systems, software, and business applications
- Use a standard patch management process to address known vulnerabilities promptly
Testing Processes
- Testing: Test backup and recovery regularly to confirm data can be restored quickly after an incident. Implement multi-factor authentication (MFA) for additional account security.
Incident Management Processes
- Incident Response:
- Create and routinely update an incident response plan to quickly detect, contain, and resolve security incidents.
Business Continuity and Recovery Processes
- Define actions to take during a disruptive event
- Plan how to restore normal operations and meet recovery time objectives
Change Management Processes
- Track user requests and incident tickets
- Maintain a disaster recovery plan for cyberattacks, natural disasters, or system failures
- Govern the development and procurement of new IT solutions
3. Vendor Management Processes
Vendor Screening and Onboarding Processes
- Keep vendor contracts organized and up to date
- Use a signed NDA when needed
- Control which IT vendors can access your systems and data
Vendor Security Reviews and Audits
- Review vendors on a regular basis
4. Policy Management Processes and Rules
- Enforce a clear and reasonable password policy that follows best practices.
- Ensure all company computers and mobile devices are protected with strong passwords or passcodes.