Director of Software Development for Davin Workforce Solutions, Mike, recently attended the 2019 Rochester Security Summit. While there, he sat in on many of the presentations and classes to stay up-to-date with the latest security practices and threats.

Mike heard a talk from Reg Harnish from GreyCastle Security that focused on finding the intersection of “must,” “should,” and “can” to focus your efforts when it comes to cybersecurity.

With all credit to Reg Harnish of GreyCastle Security, we wanted to summarize the ideas and bring them to you.

Must

When looking at strengthening your cyber-security, you first should look at what you must do.

This is the list of items that you must eventually accomplish to secure your business. These are the tasks that will ensure you comply with HIPAA, FERPA, or other regulations for your industry. These are the essential items that cannot be forgotten.

Should

The next list you need to create is the should list. 

Your “should” list will be extensive. Think of it as almost a “wishlist for security.” If you had all the money and resources, what would you do to secure your business? Stronger passwords, TFA, physical security audits, risk assessments, training, outside security company, etc. The list can be daunting and can go on and on, but don’t fret, just keep adding.

Can

This list is everything that you can do at this time. 

Available budget, schedule, resources, and expertise largely determine this list. You need to be able to hit the ground running on a task to include it in the can list. Only include items that you can start within the next few months.

Bringing it Together

Knowing where to start when it comes to security can feel overwhelming. This process helps you to identify and prioritize the tasks that you should focus on first. 

Once you have the three lists, find the items that they all share. Put those items into a new list. That list is your to-do list. Work on the tasks on your to-do list first. By the time you cross them off, you’ll hopefully have freed up resources to tackle other tasks.

Repeat this process whenever you complete your to-do list, and you’ll conquer your security woes in no time!

Many thanks to Reg Harnish over at GreyCastle Security. Find out more about GreyCastle Security here.