With over ten years working in the cybersecurity field and many years of college focusing on cybersecurity, cyber has become a way of life. However, for many people cyber is something completely foreign. Many people we talk to are lost and do not know where to start. My best advice if you are feeling lost in the cyber world is to start with some cybersecurity education as step one.
Cyber is a huge field. There are so many options and technologies out there. Not all technologies are going to be right for your organization's level of risk. The technologies you choose to protect yourself are going to be based on the level of risk and what you are trying to protect. There are times technology is not the only answer as well.
One of the biggest risks is continually the insider threat. The insider threat doesn't just mean the rogue disgruntled employee that was just fired and is seeking revenge. It can also be the busy admin who just accidently clicked on an email link. It could be the accountant who brought home their laptop and had it stolen from their car. Cyber is not all about technology. A large portion of cyber threats can be reduced simply by adjusting processes and procedures to reduce risks.
If you have no idea where to start with understanding your cyber risk; if your staff is likely to click on links when things get busy; if employees are not trained on cyber, education would be a good step. A&P periodically offers free cybersecurity classes in our local area. Some banks and other organizations are also offering free cyber education classes.