The Cybersecurity Skills Your Association Needs Now
- Chris Ecker
- March 9, 2017
If you know someone looking for a career where demand is growing faster than supply, suggest they become a cybersecurity specialist. The demand for cybersecurity positions in the U.S. is expected to grow 53% through 2018. Even now, IT professionals with cybersecurity expertise are in the fortunate position of picking and choosing among strong job offers.
How does an association compete in such a competitive market for cybersecurity talent? Well, frankly, you probably can’t. It’s difficult for associations to recruit and afford to keep security experts on their payroll. And that’s a problem because security threats (and solutions) are constantly changing. Your IT team needs continual training to keep up the skillset required to protect your network and data.
Take an inventory of your IT team’s cybersecurity skills.
You can’t afford not to take security seriously, even if your budget doesn’t afford you the luxury of having a security professional on staff. So, here’s what you do first: identify the areas of security expertise where your IT team’s skillset is lacking. (And, by the way, we can help you with this.)
Your association needs cybersecurity expertise in the following areas:
Developing a security architecture that reduces your organization’s risk posture
Critical components of this architecture include:
- Organization-wide security policies that ALL staff must follow
- Backups for on-premise systems and data that resides in the cloud
- Compliance requirement identification and certification
- An in-depth security design with multiple levels of protection for cloud- and locally-hosted data
Selecting, implementing, and managing your security suite
- Intrusion prevention software
- Firewall hardware and software
- Endpoint security (anti-virus/anti-malware) software
- Data loss prevention software
- Next-generation anti-spam protection
- Multi-factor (or two-factor) authentication (MFA/2FA)
- User/staff security awareness training
Managing risk mitigation
These responsibilities include:
- Identifying data assets hosted in-house, with third-party vendors, and in the public cloud
- Performing security scans, security assessments, and penetration testing to identify the security risks associated with these data assets
- Resolving the security risks identified
- Repeating the process on a regular basis
Developing and implementing a plan for security policy governance
Do this in collaboration with the association’s leadership—an organization-wide security mindset requires C-suite buy-in.
Planning for crisis management
- Developing, updating, and implementing a breach response plan and data recovery plan
- Working with leadership, marketing/communications, membership, and PR staff on communication plans for cybersecurity breaches
Plug the gaps in your IT team’s cybersecurity skillset.
Once you determine the areas where your association has a cybersecurity skills gap, you have a few options for shoring up protection:
Hire experts to do a comprehensive security assessment.
Then, implement their recommendations for security protection, monitoring, and training. Perform this assessment on a regular basis. Every 2 or 3 years is recommended.
Or, leave IT security to the experts.
Allow your IT team to focus on other responsibilities by hiring a security expert, and outsourcing your other IT infrastructure operations to a Managed Service Provider.
Many associations beef up their security by migrating their servers and infrastructure to a cloud hosting provider.
Cloud hosting can provide a higher level of physical security and cybersecurity expertise than most organizations can provide for themselves. Also, by shifting network monitoring and management to the cloud, you’ll free up your IT team’s time to focus on mission-critical and strategic work.
Don’t be complacent about cybersecurity.
You can’t assume the IT skills your association needed a few years ago are sufficient to meet the growing security threats we’re dealing with today and will be dealing with well into the future. In most cases, those skills are not sufficient. Take steps to close the security skills gaps on your IT team before a hacker finds the holes in your security perimeter.
Want to see where you might be vulnerable? Download our free infographic, Is Your Organization Protected from Cyberattacks?, to assess your risk.