Sage Advice - Cybersecurity Blog

Easy Tools to Help You Create Cybersecurity Checklists that Work

Documenting step-by-step processes that are easy to follow, repeatable, and transferable is a great way to create institutional knowledge. It makes your organization more cyber mature, and therefore, more resilient. Checklists are one of the methodologies that you can use to make that happen.

Topics: Cybersecurity Culture, Risk Management

Checklists to Keep Your Cybersecurity Program on Track

It’s not unusual to encounter an organization that is using practical knowledge, a.k.a. tribal knowledge, to operate. Practical knowledge is what each individual professional knows in practice and is able to perform, but isn't really documented anywhere. It may be about how hardware is configured, how applications are designed, or in some cases, it involves information about historical decisions. The issue with tribal knowledge is that it disappears from an organization when people move on.

Topics: Cybersecurity Culture, Risk Management

How Checklists Can Improve Your Cybersecurity Program

Checklists are a great tool for keeping us on track. Surgeon Atul Gawande argues in The Checklist Manifesto: How to Get Things Right that the simple checklist – perhaps one of the most basic organizational tools – can improve the effectiveness of teams and individuals performing complex tasks. When his team introduced a two-minute checklist to eight hospitals as part of a research study in 2008, deaths were reduced by almost half.

Topics: Risk Management, Cybersecurity Culture

Understanding the Cybersecurity Threats That Put Your Business at Risk

A crucial piece of building a cyber resilient organization is taking a risk-based approach to decision making. You need to balance risk against rewards, and manage cybersecurity risk in a way that is consistent with your organization’s objectives. Having an effective Risk Management Program can ensure your organization’s resilience.

Topics: Risk Management

Managing Vendor Cybersecurity Risk: Lessons from the Mega Breach that Started it All

Even more than five years later, the Target breach is still one of the top 10 data breaches of the 21st century. It was also a watershed moment for cybersecurity. Not only did it shine a spotlight on payment card security, it also brought to light the idea that third-party vendors are a potential cybersecurity risk that organizations need to consider.

Topics: Vendor Management, Risk Management

Why Managing Third-Party Cybersecurity Risk Matters

It has become the norm for businesses today to rely on a multitude of third-party service providers and other vendors to support core business functions. It’s also pretty common for these third-party entities to have access to a company’s data and its internal systems. This interconnectivity presents an inherent risk that must be managed. After all, you can outsource the function, but never the responsibility.

Topics: Vendor Management, Risk Management

Cybersecurity Metrics Your Board of Directors Should Care About & Why

Businesses today are going through an incredible digital transformation – moving to the cloud, embracing the Internet of Things (IoT), implementing automation, etc. – all at a lightning-fast pace. This is opening them up to new and expanding cybersecurity threats that are difficult to manage.

Topics: Cybersecurity Culture, Risk Management

Cybersecurity Questions Board of Directors Should Be Asking

One of the key findings from PwC’s 2018 Global State of Information Security Survey is that when it comes to managing cybersecurity risk and building cyber resilience, senior leaders driving the business must take ownership. In fact, they found that Board confidence in security measures is actually tied to their participation in the company’s overall security strategy.

Topics: Cybersecurity Culture, Risk Management

How to Make Your Board of Directors Cyber Smart

As cyber threats continue to escalate, Boards of Directors are becoming increasingly interested in cybersecurity and risk management. This is no surprise, as the Board is ultimately held liable and responsible should a breach occur. And it’s important because leadership sets the tone for the rest of the organization. They must lead by example when it comes to cybersecurity, and actively participate in, and be supportive of, the mission to be secure. As such, cybersecurity has made its way onto the agenda of many Board meetings.

Topics: Cybersecurity Culture, Risk Management

Cybersecurity Roles and Responsibilities for the Board of Directors

Cyber threats are daunting. Not only are they complex and constantly evolving, they have the potential to impart significant financial and reputational damage to an organization. Plus, there’s no way to be 100% protected. That’s why cybersecurity is no longer just the responsibility of IT departments. Boards of Directors are ultimately liable and responsible for the survival of their organizations, and in today’s interconnected world, cyber resilience is a big part of that responsibility. That means that Boards must take an active role in cybersecurity.

Topics: Risk Management, Cybersecurity Culture