Cybersecurity in the Whitespace
A recent online post pointed out that the whitespace in the FedEx logo, between the “E” and “x”, creates an arrow.
Once you see the arrow, you cannot miss it. You will see it every time you look at the logo.
The subtle, almost subliminal, arrow symbolizes a sense of forward motion and subconsciously reinforces the FedEx brand message of on-time delivery.
The power of the logo is not just the name, it is in the symbolism. The same is true for your cybersecurity.
The power of your cybersecurity is not just in the overt actions, success is in the whitespace.
Focus
Our cybersecurity efforts often focus on the concrete measures we can take to protect ourselves and prevent attacks. We deploy hardware, install software, and configure settings to both passively and actively protect our systems, data, and people. These actions are tangible and visible.
Cybersecurity Whitespace
Equally important, if not more so, are the less visible cybersecurity efforts– your cybersecurity whitespace. Ask yourself these questions:
- Is cybersecurity awareness a deliberate part of your culture?
- Do you educate your team on their role in cybersecurity?
- Do employees and contractors understand which behaviors help security and which can harm it?
- Does your team understand how to recognize, report, and respond to security risks and attacks?
- Do you have policies and procedures in place that set expectations for maintaining appropriate cybersecurity?
- Do these policies and procedures include guidance and limits on human behaviors and actions that can pose or elevate risks?
- Do you have consequences for negligent or deliberate non-compliance?
- Do you understand the risks should a cyber attacker gain access to your systems?
- Do you understand the protections you need in place to limit attacker access to identities and sensitive information?
- Can you isolate attacks and prevent them from spreading across your environment?
- Do you have plans in place to not only restore damaged or lost data, but to recover your business from a successful cyber attack?
- Do you have cyber insurance?
- Do you have clear action plans for how your business will respond to a successful cyber attack?
- Will you be able to run your business while you recover your systems and data (and/or while computers are held as evidence)?
- Do you have plans and resources in place to:
- Comply with state and regulatory reporting requirements?
- Communicate effectively with customers, vendors, and partners?
- Manage your legal and financial liability?
Model for Success
Successful cybersecurity includes the visible and the whitespace. Our Security CPR model and managed security services include all three best-practice pillars:
- Communication and education
- Security awareness focused on human behaviors, risk recognition, and responding to suspicious acts.
- Policies and procedures that guide and protect your business in line with compliance requirements.
- Prevention and protection
- Expertise, tools, and services to prevent cyberattacks and protect your business, data, and team.
- Compliance assessment and management services to benchmark and certify to appropriate industry and regulatory standards.
- Recovery and response
- Business continuity services to keep your business running during forensic investigations and data/system recovery and restoration efforts.
- Data restoration and disaster recovery plans and resources to return your business to normal operations as quickly and effectively as possible.
- Cyber insurance brokerage partnerships to ensure your business is properly covered within your budget.
Call to Action
If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Start with a complimentary Rapid Security Assessment, contact us, or schedule time with one of our Cloud Advisors.
About the Author
Allen Falcon is the co-founder and CEO of Cumulus Global. Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.