In the aftermath of the 2020 election, cyber security has made national news, as various politicians, news organizations and technical experts have opined about the security of various elements of electoral infrastructure.
This blog post will not engage in political discussions—we leave that to people in that particular field. We do, however, recognize that many organizations may be more inclined to think about their own security positioning as a result of this national conversation, and as such, now is the perfect time to discuss some areas for your organization to focus on as the New Year approaches.
Create an incident response plan
Cyber security strategy starts with an incident response plan—it’s that simple. But what some organizations don’t realize is that a plan includes a number of different facets. Of course, technical and legal responses are important pieces of the puzzle. But organizations should also have, for example, a plan for communicating with customers during an incident, especially in sectors where the law explicitly requires it.
Organizations should also consider including areas like HR, finance and even public relations in a plan. The bottom line is that trying to figure out how to respond for the first time during a crisis almost always makes the situation worse. A response plan allows you to simply follow the steps you have laid out previously, rather than making decisions on the fly.
Prepare for social engineering attacks
Social engineering is the top weapon employed by cyber criminals today. While hacking technology and systems is always an option, it is typically far simpler for bad actors to deceive people.
These attacks can take many forms. A simple example could be an email that is “spoofed” to look like it is coming from an employee’s manager, asking the employee to provide credit card information or submit a payment somewhere that appears legitimate. Only upon careful examination can a user see that the email is not in fact coming from the manager, but rather from a look-alike address. Helping your employees understand what to look for in social engineering attacks is a critical piece of a cyber security strategy.
Consider a managed security provider
The fact is, it’s difficult to develop and execute plans, make decisions about technology and train employees internally, especially if you are not a Fortune 500 company with an internal team of cyber security professionals on staff. Managed security providers offer the knowledge you need to protect your organization from threats while keeping costs down and letting your internal IT team members work on other projects.
Regardless of the industry you are in or what your organization hopes to accomplish next year, you can be sure that cyber security is going to be paramount. If you would like to talk about cyber security—or any other part of your IT stack—please feel free to reach out.