5 Things a Security Manager Should Check Every Morning
Daily Cybersecurity Checklist
As a security manager, you have a wide variety of tasks you need to complete in order to protect your organization — as well as your employee and customer data. Of course, some of these responsibilities are performed on a quarterly or yearly basis, such as gathering information for audits or conducting annual assessments. But there are certain tasks that you should be completing daily in order to maintain the desired security posture and reduce cyber risk across your expanding attack surface.
Here are five questions you should ask yourself as part of your morning cybersecurity checklist:
- Are there any new vulnerabilities that can affect my organization?
- Do any of my critical vendors have vulnerabilities?
- Has user access been granted and revoked as needed?
- Are all systems operational and working as expected?
- How can I effectively report the status of our security posture and any new events to senior management?
1. Are there any new vulnerabilities that can affect my organization?
New vulnerabilities are discovered by security researchers for different applications and operating systems on a daily basis. Some vulnerabilities are low risk and have a low impact, but others — such as SQL injection, buffer overflows, XSS, and missing authorization — can be critical.
Take the following steps to ensure you and your team are always in the loop on the latest risks that could impact your organization:
- Subscribe to Cybersecurity and Infrastructure Security Agency (CISA) email alerts to get notified when new vulnerabilities are found and patches are available for popular applications, such as Google Chrome, Mozilla FireFox, VMWare, Adobe, and Office 365.
- Sign up for RSS feeds through applications like Slack or Teams so that you can be informed about new patches available for a variety of companies.
- Set up different communication channels for alerts so that you and your team can prioritize which ones to address first given the criticality and scope of impact.
2. Do any of my critical vendors have vulnerabilities?
From processing payroll information to hosting your entire database, vendors play an essential role in your ability to be as agile and efficient as possible. Of course, your company’s data is only as secure as your most critical vendor. You can patch every known vulnerability in your own organization to protect your systems, but if your vendors have gaps in their security programs, they will open your network up to unwanted cyber risk. As the cybersecurity environment is constantly evolving, you need to move beyond point-in-time vendor risk assessments in order to effectively mitigate risk throughout your ecosystem.
Take the following steps to develop a strong third-party risk management program:
- Ensure that you have defined what constitutes an acceptable risk threshold — and that you have contract language in place to require your third parties to maintain this desired security posture over time.
- Continuously monitor your vendors’ security performance from the outside in using a standardized KPI, such as security ratings, so that you can gain visibility into coverage gaps and vulnerabilities that questionnaires and one-time audits could not identify alone.
3. Has user access been granted and revoked as needed?
Employees leave and join different organizations every day. In order to maintain the necessary internal security, it’s critical to have a system in place to confirm that active employees and contractors have the network access they need to conduct business operations — while former users have their access revoked.
Take the following steps to ensure you’re following security and compliance procedures, and will have the necessary audit trail of events available:
- Set up an automated onboarding and offboarding process to limit mistakes during account creation and removal.
- Follow the principle of least privilege access control.
4. Are all systems operational and working as expected?
Hosting providers such as AWS, Azure, and Google Cloud are critical to the function of many organizations throughout the world. Examining the current status of your systems and looking for alerts about outages and unusual activity are essential tasks on your cybersecurity checklist — as you and your customers rely on Service Level Agreements (SLAs) to be met. Of course, an increase in users and applications in your environments creates more alerts, which require more time and effort to sift through.
- Integrate unusual activity alerts into your SIEM.
- Create a workflow to address the most critical alerts — such as sharing outside of your organization, unrecognized login locations, multiple failed logins, or multiple password resets.
5. How can I effectively report the status of our security posture and any new events to senior management?
Cybersecurity is not just an Information Technology or Security team responsibility. It's the entire company’s responsibility! When senior management buys in and supports the team, it inherently promotes security awareness and responsibility throughout the organization.
Take the following steps to keep senior management in the loop on any cybersecurity gaps, new events, and necessary remediation resources:
- Use an accredited compliance framework for your industry — such as the NIST Framework for Improving Critical Infrastructure Security, CIS Critical Security Controls, ISO 27001, or PCI DSS — to identify any gaps in your security program.
- Present the findings to stakeholders in order of criticality — using a standardized, easily understood KPI, like security ratings.
- Develop a strong security performance management program that involves researching necessary remediation resources, modeling different scenarios, presenting action plans with cost and timelines, and tracking progress over time.