Improving Cybersecurity
Andrew Weaver
May 2, 2022

Improving the Cybersecurity of your Company: The Complete Guide

Cybercriminals are getting better at threatening the cybersecurity of your company

There is no doubt that improving the cybersecurity of your company is more important than ever.

Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Hackers are always looking for new ways to target organizations, steal their data and extort them.

As tech leaders, and specifically CTOs, are faced with the main responsibility of preventing leaks and eliminating threats, we want to give an overview of the best actions you can take as a tech leader to improve the cybersecurity of your company.

What is the importance of improving cybersecurity in your company?

Cybersecurity is a key issue that has been rising in importance over the last few years. The internet and computer networks are integral to our society and economy, with almost every company on the planet having a web presence.

Cybersecurity is not just about preventing cyberattacks but also ensuring that systems are secure enough to withstand any attack as well as protecting them from data breaches and hacks.

The main problem is that there are more incentives for hacking than ever before: companies spend millions on cybersecurity products every year, yet many of them still fall victim to an attack.

5 Methods for securing and improving the Cybersecurity of your Company

As we’re a tech leadership academy, we have some great alumni and current leaders with us. We reached out to them for their recommendations, and here’s our collected list of the best advice.

1. Communicate Potential Security Threats

Andrew Ryan, Head of Development, UK

Make sure to communicate potential security threats, including (and perhaps especially) ones involving social engineering – that’s key to improving the cybersecurity of your company.

Not everyone in the company will have as high a level of tech literacy and awareness of these things, let alone know what a cyber defense strategy is, so don’t take it for granted.

Anecdotally, I sent an email blast to the entire company warning of scam emails from people pretending to be clients or even other staff members. Not two hours later, our CEO had a message from an acquaintance on LinkedIn asking for his input on something if he could click a link. My email set alarm bells ringing. He phoned the guy directly and indeed, his account had been hacked and was sending out phishing messages.

2. Engage your team in training, scans, and testing

Jim Mortensen, CTO / CIO, USA

“After doing a couple dozen buyer/investor-side technical due diligence projects over the last 9 months, I see 6 consistent gaps in security practices of organizations.”

We’ve turned these points into actionable items:

Make security awareness training for employees

Many companies fail to train employees on how to avoid cyber attacks. With hackers becoming more skilled, it’s important that we do all we can to protect ourselves from these security threats. Encrypting passwords, 2-factor authentication, and securing inboxes should all be on the list of items.

Make regular external vulnerability scans

It is important to keep your website secure. Regular external vulnerability scans help you identify vulnerabilities and fix them before they become a major problem.

Start penetration testing for security threats

Penetration testing is the process of simulating an attack on a computer system or network. Penetration testers are asked to try to get into a company’s system, whether through social engineering, hacking, or other means. The goal is for companies to test their actual security risks and determine where they’re vulnerable before real hackers break in. You can get software for this, such as www.invicti.com or www.getastra.com/pentest.

Build an understanding and improve response to applicable compliance requirements (e.g., PCI DSS, HIPAA)

Whether it’s PCI DSS, HIPAA, or GDPR, companies of all sizes must be aware of and implement new compliance regulations to ensure that their data is safe and secure.

Improve management/oversight of vendors (who often have these same security gaps)

Make sure to have management and/or oversight of the vendors you’re collaborating with. Their security threats can easily become your security threats.

Build regular internal IT risk assessments

The best way to protect your company is to make sure you have a strong, reliable IT infrastructure. That’s why it’s important to regularly assess the risks to your systems and take steps to minimize them.

3. Start with people and company values

Paul Clegg, CTO, UK

Starting simple. Start with people. They’re a double-edged sword. Their awareness and behavior are paramount before implementing specific tools. E.g. our most basic tool is company values.

For example, our values are professional, focused, creative, and collaborative. We’ve given our team examples of behaviors that support staying secure in relation to company values.

4. Get Software Involved

Morgan Davies, Software Development Manager, UK

The best way to avoid security issues is to get InfoSec involved in the design and development process of software. If security is only considered after features are developed, vulnerabilities will get through.

We can measure:

  • Whether features undergo a security review
  • Whether security review slows down the development cycle
  • How well security is integrated into the delivery lifecycle
  • Whether automated testing covers security requirements
  • The use of pre-approved libraries, packages, toolchains, and processes

5. Strengthen your incident response plans

Josh Lopez, CTO, UK

As was mentioned here already, security awareness training is of paramount importance.

Zero trust is also critical for improving the cybersecurity of your company. You’ll have to implement network segmentation within the environment with least permissive access always.

A shift I have also seen is not if you will be hacked, but when.

Ensure your incident response plans are adequate and test them. See how long it takes you to detect, respond, contain, and recover from an attack. Many companies invest in AV, IDS/IPS technology, among many others, but the human response is weak.

Although these tools are essential, as well as frequent vulnerability management and mitigation, making sure you are able to really respond to an incident effectively is key.

Remember, it’s not if you will get hacked, but when!

Bonus tip from Pedro Sampaio, CTO, Portugal

You can try software like Riot. We just started using it and it is a really amazing tool.

Conclusion

It’s clear that improving the cybersecurity of your company has both technical elements and human elements.

The security of your organization is dependent on the members within it. There are many systems, processes, and software that can be used to defend against cybersecurity attacks, but if your team and organization are not trained to prevent or avoid them, then the chance of an attack succeeding is higher.

If you want to improve your tech leadership, consider signing up for one of the CTO Academy courses or subscribing to our newsletter.

Stay safe,
