Know you need some cyber in your company, but don’t know where to start? Here are 6 easy steps to begin:

1️⃣ Take some time to create a Threat Inventory. Think about all of the different threats to your business, such as phishing emails, ransomware infection, inadequate internal accounting processes that lead to money being sent to fake bank accounts, lack of data backups, patient health information being stolen, duplicate logins, etc.

2️⃣ Once you have your Threat Inventory, Google search the 18 CIS v8 Critical Security Controls, and then place each threat you were able to think of under one of these 18 controls (I will place a link in the comments also). You can also use the NIST framework. Security programs that align with well-known security frameworks such as CIS and NIST often lead to better outcomes.

3️⃣ With the help of an internal IT person, outsourced IT (MSP), or, if you don’t have either, your most tech-savvy employee, figure out which of the 18 controls you think your company has in place. This can be challenging if you don’t have someone technical helping, so you may also ask your vendors for some guidance.

4️⃣ Once you know your threats, the CIS controls, and what you think your company has, look for which of the 18 CIS controls seem to be missing from your organization, and make a list. These are the gaps in your security.

5️⃣ Once you know your gaps, you can usually Google the terms to find some vendors to help cover those gaps. Of course, if you have internal IT or outsourced IT help, work with them to find reliable vendors that your company can use.

6️⃣ Once you go through steps 1 through 5 and are more confident in your company’s cybersecurity efforts, it’s always good to shop around for cyber insurance to get the best protection with the lowest risk, but only once you have as many CIS controls in place as you can stomach.

Many organizations skip step 1, which leads to either overspending on the wrong areas or huge gaps in areas that need attention. By first doing the simple exercise of asking yourself “What could go wrong from a security perspective in our business?”, you set yourself up for clarity on where you need to focus.

Hope this helps, stay safe out there!