Implement These 6 Baseline Security Steps

By Paul Hawkinson
Aug 23, 2022

We often talk about cybersecurity abstractly, but for those who want ‘rubber meets the road’ advice, let’s talk baseline security.

Baseline security is the minimum-security controls required for safeguarding an organization’s information systems, ensuring confidentiality, integrity, and availability (CIA) of critical system resources. In other words, it is the bare minimum of what a business needs to protect itself while still working efficiently and effectively. Want to stay afloat as a small business? Make sure your baseline security is in line.

While every business is different, baseline security needs can be identified by comprehensive risk assessments, implementing mandatory provisions as required by regulatory compliance laws, and putting into place industry-leading practices. Unfortunately, risk analysis can feel like a complex, resource-intensive exercise. Many small to medium-sized businesses are too discouraged by the process to try! The result is that companies are left either under-protected or with a few ineffective controls installed. These six steps can be used as a foundation for your baseline security:  

1. Create a Risk Management Team

These are the people who ‘own’ mitigating your risk. From all ends of your department, these should actively identify possible threats, ensuring your systems and data have as little risk as possible.

2. Catalogue Information Assets

We wrote about this before, but you must know what is in your technological care. That includes data your company collects, stores, and transmits, IT infrastructure, and the various Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) solutions used. Don’t forget to include the assets that your third-party vendors use…

3. Assess Risk

Now rank your assets! Some information is more critical than other information, and not all vendors are equally secure. Consider clearly what a breach of each information asset could do to your business, including ramifications to your reputation, finances, continuity, and operations.

4. Analyze Risk

Look at the risk itself—based on the probability of the risk occurring and likely severity, to assign a score to each risk. As you do this, think about your response: will you accept, avoid, transfer, or mitigate?

5. Set Security Controls

Next, define and implement security controls to help your company manage risks by reducing their chance of occurrence. Security controls—from locked doors to firewalls—are essential for every threat. Take the effort to implement and ensure that they are carried out.

6. Monitor and Review Effectiveness

Malicious actors keep changing their methodologies, even as new products, services, and equipment are incorporated into your information systems. Your last step is to continually maintain a risk management program that monitors your IT environment for new threats, adjusting your security policies and controls accordingly.

Push past being overwhelmed, focus on the easy steps that keep your business secure, and always feel free to reach out—we’re happy to help answer your cybersecurity questions.

Contact Us

Carolina Cyber Center
of Montreat College

310 Gaither Circle
P.O. Box 1267
Montreat, NC 28757

(828) 419-0737

Get Started

No-risk, 30-day money-back guarantee. All instructional materials, labs, certification fees*, books, and range time are included.

*First attempt for certification included. The cost for additional certification attempts is the responsibility of the student.