Jonathan Crowe
Jan 2016

5 Critical Cybersecurity Do's and Don'ts for 2016

Photo by Charis Tsevis

Editor's note: This is a sneak peek from our eBook, The 2016 Cybersecurity Playbook, which includes a full scouting report on this year's top threats and tips for how to tackle them.

Effective cybersecurity is 90% preparation. How successfully your organization reacts to a security incident will largely be determined by the work you put in weeks, months, and years prior.

With that in mind, here are five critical do’s and don’ts to ensure you’re building a solid foundation of security you can count on when it matters most.

1) DO get leadership buy-in early and often

Your leadership team doesn’t have to understand how exactly security works (chances are details may make their heads spin), but they do need to understand why you’re doing what you’re doing, and they need to be on board with what you’re ultimately trying to achieve. The sooner you get them involved in the conversation, the sooner you can a) come to a universal agreement on priorities, goals, and objectives; and b) leverage their help in actually achieving those things.

2) DON'T think spending more will inherently make you more secure

Gartner estimates security spending reached a record-high $75 billion in 2015, yet we saw just as many data breaches last year as we did the year before. Many companies found out the hard way that an expanding budget on its own is more likely to deliver disappointment than added security.

We have a tendency to believe improving security means buying more security, which is why, more often than not, security products gather even more dust than home treadmills. Before you spend another dime on security in 2016, remember: budget (and technology) is only as good as the people, process, and strategy you have in place to leverage it.

3) DO have a security incident response plan in place

Because incidents can and will happen to you. And when they do, you need to be prepared to act quickly and decisively. The last thing you want is to be caught off guard — the longer a breach or infection goes unaddressed, the more difficult it is to contain, investigate, and address. Damage and cost of remediation escalate quickly.

Working through an imagined worst-case scenario now can help you better determine what tools, people, and processes you’ll need to have in place to respond effectively. For a good overview on how to develop your own plan, check out AlienVault’s Insider’s Guide to Incident Response.

4) DON'T make security purely an IT problem

Data breaches and other security incidents don’t just affect your IT department; they can have ramifications for all aspects of your business, ranging from technical to financial and legal. The issues stretch far beyond the confines of IT, and so should the responsibility for handling and preventing them.

To be truly effective, you need to develop a culture of security that transforms it into a company-wide effort. As recommended above, that starts with a commitment that comes directly from the top. From there, executives need to put pressure on other business units to better manage and take accountability for risk. Finally, there needs to be an investment in training users to behave as your first line of defense (rather than simply the weak link in the chain — see below).

5) DO invest in employee training

Casting too much of the blame on PEBCAK (Problem Exists Between Chair and Keyboard) can be unproductive, but the truth is relying solely on technology to solve a human-error-prone problem will only take us so far. Nine times out of ten, malware requires human interaction before it can infect its target. That means we have to find ways of removing or disrupting that interaction if we want our security efforts to have meaningful impact.

Getting users to change their habits and priorities is a tall order. To encourage them, try educating them on how their actions can have a very real impact on your organization’s security — both in a harmful and beneficial sense. Use examples that are personally relevant to them and their day-to-day lives. Focus on positive reinforcement over negative, and don’t be discouraged if it takes repetition for the message to sink in.

Next Steps: DO check out our new eBook

With a scouting report of this year's top threats and a sample 30-60-90 day plan for getting started, our new 2016 Cybersecurity Playbook will help you focus your time and resources on the things that matter most.

Jonathan Crowe


Jonathan covers the latest threats and cybersecurity trends from a practical perspective.

