The 9 Ps of Small Business Cybersecurity
By Kwang Edeker - May 10, 2019
Small business has a growing problem: cyber attacks. Preparation can be the difference between keeping the doors open or closing them for good. An effective cybersecurity strategy protects your systems, networks, and programs from digital attacks. Here are nine steps to better business cybersecurity.
What are the 9 Ps?
Business runs on specific sets of principles, both written and implied. It’s how you work, what you believe, and how you behave. It’s what guides how you treat your customers, employees, and partners. Business cybersecurity is no different, and includes:
- Having policies and procedures for technology and data management in place
- Understanding that the weakest link in the security chain is people
- Knowing you will be hacked and being prepared
- Cybersecurity being a priority in budget planning
Is cybersecurity included in your IT budget and strategy? 50 percent of small businesses find budgeting for cybersecurity a major challenge. But planning protects your business, your assets, your employees, and your customers. If you don’t plan ahead, you may not recover:
- 50 percent of cyberattacks target small business
- In 2017, the cost of an average breach was $2,235,000
- 60 percent of small businesses close within 6 months of a cyber attack
Policies provide a clear and documented direction. Cybersecurity policies, in particular, should be living documents that are continually reviewed and revised to keep up with technological change and innovation. Some cybersecurity policy examples are:
- Customer and employee data storage and privacy
- Mobile devices and passwords
- File access and data backup
- Wi-Fi and network security
In addition to your policies, procedures help to mitigate risk and deal with potential cybersecurity issues when they happen. Procedures need to be planned and implemented so that everyone in your organization understands their responsibilities in keeping your business safe from cybercriminals. Some procedure examples are:
- How to handle customer data and privacy
- How to install applications and antivirus protection
- Safe browsing and email usage rules
- What to do in case of a data breach
Protection is the reason for these policies and procedures. It’s a 24/7/365 job. Ideally, you’ll have multiple layers. Some of those layers include:
- Firewalls: your first line of defense against hackers trying to get into your system – always keep your systems behind one
- Password Management: requiring strong passwords and changing them every three months or less may sound like a pain, but it’s critical in keeping data safe
- Patches and Updates: these help keep your systems protected – know when they’re released so you can install them as soon as possible
- Cyber Insurance: insurance is a precautionary measure, and it pays to explore what’s available to insure yourself against the damage of a cyber attack
While many believe technology is the weakest link in the security chain, it’s actually people – and human error. There are emails, pop-ups, and websites designed to trick employees into sharing information that can be used to steal from you or your business. Hackers target people.
Plus, many people have poor cybersecurity habits at home that they bring to the office. According to Pew Research, “84 percent of online adults rely primarily on memorization or pen and paper as their main (or only) approach to password management.”
And while it may sound like a TV drama or episode of Mr. Robot, people can get compromised outside of their digital lives. Insiders often commit cybercrimes ranging from corporate espionage and embezzlement to data theft.
Preparation and Practice
Preparation is everyone’s responsibility because complacency kills when it comes to cybersecurity. Security awareness and training build cybersecurity preparation and practice into your business. Open communication, regularly scheduled training and practice help everyone stay aware of what the dangers are and how to deal with them.
Proficiency is defined as a high degree of competence or skill. Get proficient at cybersecurity. Start with the principles, then put the plans, policies, and procedures in place to protect your business. Understand that people are a crucial element and develop their skills through a system of continual learning, adjustments, practice, and preparation. You can do this!
What Do I Do Next?
To learn how to best implement these initiatives in your business and fortify your office’s cybersecurity, reach out to a dedicated managed services provider (MSP), like CompuCom. We’ll examine your current technology systems, collaborate on your next steps, build and strengthen your IT infrastructure, and offer reliable advice and support as your business grows and evolves. Get in touch with us today to learn what CompuCom’s Managed IT as a Service can do for you.