6 Ways to Refresh Your Security Program for 2020
As we prepare to leave 2019 behind, we’re looking forward to an even better 2020. Entering into a new year is the perfect time to consider a fresh start. That’s the beauty of New Year’s Day. We get the chance to reflect on the previous year to see where we can improve in the new year ahead as individuals and as an organization.
If you’re writing a list of New Year’s resolutions for your organization or your team, we have an addition: strengthening your security program. Commonly overlooked, a security program is an area that can always be improved. Even if your security processes are running better than ever before, you have everything to gain by continuing to tighten your controls—because we can all agree that 2020 is not going to be the year your organization experiences a breach.
Now that you’re ready to start the year out strong, let’s take a look at what you can do to refresh your security program. We’ve compiled a checklist of the most important areas to review.
6 Security Program Areas to Review
1. Review your policies and procedures.
Your policies and procedures require an annual review, at minimum. The end of the year is an ideal opportunity to comb through your documents to ensure they accurately reflect your environment. Identify areas where you can add detail and pay close attention to what might have changed throughout the year. Be sure that all changes are approved and documented. You will need to keep an accurate record of review as evidence for compliance regulations applicable to your organization.
2. Check in with your IT team.
We often refer to your team as your best asset, and we mean it. When you take care of your team, they take care of your organization. Additionally, they see the day-to-day operations from a different perspective than upper management—which is why it’s essential to check in on how they’re feeling, what’s going well, and what could improve.
Here are a few questions to ask:
- Do you feel that you have enough time to complete your daily IT tasks?
- In which areas do you wish you had more support? Security, maintenance, and so forth?
- Do you have insight into what could improve if you had the resources?
- What can we do to help you the most?
- Are there any IT-related projects you wish you could explore?
3. Conduct an employee training session.
Regular training sessions keep security best practices on top of your employees’ minds. Security education doesn’t have to be dull. Use this time with your team to create an environment of engagement and accountability. The more team members understand why information security is important, including real-world examples of security gone wrong, the more ownership they can take over keeping your organization safe.
4. Recognize employees’ efforts in security.
As we mentioned, security education doesn’t have to be dull. Engage employees by giving recognition for their dedication to information security, motivating them to keep up the good work.
5. Conduct a risk assessment and test your incident response plan.
Like policy and procedure documents (see #1), your incident response plan and risk assessment require annual attention. Your risk assessment is an integral tool that helps you identify risks and decide how to mitigate them. Your incident response plan builds a foundation so that your team is always ready to handle a potential incident. If you have yet to implement a risk assessment or incident response, contact an information security professional to learn where to begin.
6. Set clear expectations and goals for the year.
Some New Year’s resolutions might fall by the wayside, but not this one. By setting goals for the year, your team has an objective to work toward and will be able to measure progress throughout. Once your goal is set, create an action plan with timelines that your team can follow to reach each objective.
How We Support Your Team
This year, consider how your team could thrive with additional support. Many organizations are turning to managed service providers to take daily tasks off of their team’s plate. By outsourcing the day-to-day, you give employees the capacity to explore revenue- and core-focus-driven projects, without sacrificing efficiency and security. MSPs work independently as an organization’s external IT department or partner with an existing IT staff to fill in gaps that might slow down operations or create security vulnerabilities.
Technology Lab works with you to identify where we can help you reach your goals, and we use that information to create a long-term technology plan in alignment with your organization’s future. Contact us to begin your first consultation. Our team of experts is available to guide you through how MSPs add value without dragging down your budget.