Three Things You Can Do This Week to Improve Your Company’s Security Posture

Three Things You Can Do This Week to Improve Your Company’s Security Posture

As a CTO, VP of Engineering, or other technology leader, you are responsible for not only leading your technical team but also ensuring your company’s infrastructure is secure. You may feel that improving your company’s security posture is a monumental task requiring significant resources, but the truth is that you can take immediate actions this week to make meaningful improvements—without any additional budget.

Here are three things you can do this week that are simple, free, and effective.

Attributes of the Things You Can Do

  • YOU can do them: No need for external vendors or additional hires.
  • They won’t cost your company anything: These are actionable steps that don’t require budget approvals.
  • They will improve the company’s security posture: Small changes that make a big impact on your security readiness.

This week’s security tasks

1. Monday – Change Admin Passwords

Start the week by tackling one of the easiest yet most impactful tasks: changing your admin passwords.

Action Steps:

  • Locate all admin accounts: Identify critical admin accounts across your infrastructure. This includes:
    • Corporate website hosting
    • Cloud platforms (AWS, Google Cloud, Azure)
    • Database management systems
    • Network infrastructure (routers, switches)
    • Any internal or external software with admin-level privileges
  • Ensure passwords meet best practices: Admin passwords should be long (at least 16 characters), complex (including uppercase, lowercase, numbers, and symbols), and unique across all systems. Consider enabling two-factor authentication (2FA) for extra security.
  • Document changes: Keep a secure log of the password changes using a password manager to ensure your team has access when needed.

Why it Matters: Weak or reused passwords are a leading cause of security breaches. Changing admin passwords on a regular basis reduces the likelihood of unauthorized access, especially if an old password has been compromised.

2. Wednesday – Review Insurance Coverage

By midweek, it’s time to take a look at your company’s insurance coverage. Many organizations overlook cybersecurity insurance, but it’s a critical part of risk management.

Action Steps:

  • Identify your current insurance coverage: Locate your existing policy (if you have one) and identify whether it covers cyber incidents such as data breaches, ransomware attacks, or business interruption due to a cyber event.
  • Review coverage limits: Ensure that the policy covers the actual costs your company could incur in the event of a breach. This includes legal fees, customer notifications, forensic investigations, and potential regulatory fines.
  • Engage your insurer: If you don’t have cyber insurance, reach out to your insurance provider to discuss options. Even if you do have coverage, it’s worth ensuring your current policy is up-to-date and matches your risk profile, particularly if your company has experienced growth or infrastructure changes recently.

Why it Matters: Insurance is often a neglected aspect of security. If the worst happens, having the right coverage can significantly reduce financial damage and give you peace of mind knowing that your company is prepared to handle cyber threats.

3. Friday – Create an Incident Response Team

Round out your week by setting up an incident response team. Whether it’s a small team or just you, establishing a formal group will prepare your company to respond quickly and effectively to security incidents.

Action Steps:

Identify key team members: Depending on your company’s size, this team may be composed of you and a few key people in IT, operations, and possibly legal. Assign specific roles for each team member, such as incident coordinator, technical lead, and communications lead.

Draft a basic incident response plan: Outline key steps the team will take in the event of a security breach. The plan should include:

  • Identifying the type and scope of the incident
  • Containing the breach
  • Investigating the root cause
  • Recovering from the incident
  • Reporting to stakeholders and authorities (if needed)
  • Conduct a tabletop exercise: Simulate a mock security incident to ensure your team knows their roles and can act quickly when the time comes.

Why it Matters: When a security breach happens, time is of the essence. Having an incident response team in place means you’re not starting from scratch when something goes wrong, minimizing damage and downtime.

Conclusion

Improving your company’s security posture doesn’t have to be a monumental task. By making a few focused changes this week—like changing admin passwords, reviewing your insurance coverage, and setting up an incident response team—you can take significant steps to protect your organization. These simple actions lay the groundwork for a more secure and resilient future, without requiring a large investment of time or money.

Interested in a free Incident Response Plan Template? Enter your work email to download this free resource and receive valuable insights straight to your inbox.


    Tags Categories Best Practices

    Let's get to work!

    Get in Touch

    Contact

    Community Exchange

    Subscribe

    Plain language. Actionable insights.

    Security management tips & tricks, regulatory updates, threat intelligence.

      Links

      Contact

      Copyright © Betterleg Studios | Privacy Policy