Cédric Mauny, senior cynersecurity manager at Telindus:
"...prepare yourself in case of a cybersecurity incident."
Photo: Michel Brumat
In a previous article on the subject of cybersecurity, Cédric Mauny, senior cybersecurity manager at Telindus Luxembourg, described the importance of cybersecurity to companies in Luxembourg, saying that there is no digitalisation without cybersecurity at its core. In this article, he gives practical advice on how to best allocate limited resources to protect data.
Everyone has limited resources; the goal is to allocate those resources that are available to where they will be most efficient in the protection and security of data. Data is a valuable asset to companies and they need the peace of mind of knowing that it is safe from abuse, allowing them to concentrate on developing their businesses
“Companies’ precious data needs to be handled in total security, while ensuring it is accessible at any moment to those that are authorised to view it, within the limits of their needs and while preserving the correct level of confidentiality and integrity,” Mauny told Delano this week.
He proposed a four-step approach:
Define your security strategy. Based on an analysis of business priorities, global ICT landscape and risk profile, the definition of your security strategy is the first step to achieve a master plan and an optimal security infrastructure.
Secure your business. Through the implementation of solutions and/or services, as well as an appropriate security infrastructure, secure the entire perimeter defined by your IT landscape. Create, strengthen and control access points to protect your most sensitive assets.
Monitor and validate security. Earn the trust of stakeholders by proving that security management is tailored to risk requirements and business objectives. A security audit is useful see the degree of protection against threats in place and how it can be improved. Install administration, measurement (reporting) and monitoring systems aimed at preventing, correlating, detecting, characterizing and responding effectively to security threats.
Create awareness and communicate. Help your employees, partners and customers to identify and respond to potential threats. Communicate in order not to have to fight alone against attacks.
“Last but not least,” Mauny said, “prepare yourself in case of a cybersecurity incident. A crisis can be awful from a reputational, operational, legal and financial perspective. Staff should be trained to react. Simulations should be performed to be sure of the right behaviour at the right moment to avoid losing precious time in business recovery and to limit damages.”