Today I was reminded by Flipboard to reset my password due to a cyber incident, over the weekend a similar email from another platform. We live in the world where anything that is on or connected to the internet is no longer secure, probably never was. We have to acknowledge that this is the modern world we live in #nomoresecrets

If the larger organisations are having difficulty at keeping those unwanted at bay. I was thinking about your mom&pop type small enterprise, perhaps with a handful of employees. Customer information saved everywhere and focused on keeping the wolf from the door rather than the cost or hassle of IT Security. Cybersecurity for your business is not just about adding costly and complexity. It starts with understanding and managing your cybersecurity risks, the simple cost effective method to ensure your business IT systems are safe, clean and intact.

Empower Small business owners

The goal of this document is to empower Small Medium Business owners. Outline steps to begin to assess what business assets need to be protected and encourage business owners and managers to make their business more resistant. To have the ability to recover if an incident occurs.

If you are in this position, where can you start on the basic steps of IT Security.

Do Cyber Hygiene!

This is the basic activities that you should undertake to minimise (never will it eliminate) the threat to your systems and information. Cyber hygiene creates a solid foundation upon which to establish more advanced cybersecurity and privacy protections. Key cyber hygiene activities include;

Asset REgister

Keeping a List of all IT related equipment with in your company;  Phones, Laptops, Tablets, Computers, etc.  You may have great protection, but without an inventory, how would you know if your systems are protected?

Updates

Keep all systems updated, enable the automatic update in windows is active for both windows itself, antivirus, and other programs. Similar for tablets and phones to consider automatic updates from the various online platforms or stores.

Install anti-virus software programs installed on the computers and tablets. There are numerous paid and free antivirus packages available. They do the task at keeping intruders at bay. They are the glass in your windows and doors coupled with strong locks.

Data (GDPR)

Understand what you have that is confidential. Consider this, what can you afford to leave on a public bench at a train station, if you can, then it’s not confidential, similar for paperwork, computer systems. This is a litmus test for data and peace of mind on its security and confidentially.

Keeping information locked down to whomever requires it, possibly that the junior member cant see the same information as the manager or owner, if that is your choice as to the level of access or security of the systems and data.

Passwords

Having a practice to change passwords on a regular basis, that they are have some unique feature to them – alpha numeric coupled with a symbol and not an easily identified or guessed phrase.

Training

Facilitate training sessions for staff on IT systems and security. This is probably the least favourite and costly (initially) for the business, but it will give multiple returns on the effort. It is a foundation of good IT hygiene of an organisation, the staff are the senses of your business.

Once you are done doing these cyber hygiene activities, do them again!  Cybersecurity and privacy are processes, not set-it-and-forget-it propositions.

SMB spend 13x more per employee on cybersecurity than large businesses

The Better Business Bureau estimates that small businesses spend thirteen times more per employee on cybersecurity than large businesses.  https://www.bbb.org/globalassets/shared/media/state-of-cybersecurity/updates/cybersecurity_final-lowres.pdf

Promoting a culture of security is just as important as fancy tools. Smaller companies have the ability to communicate directly to all staff about the value of vigilance in the organisation. To achieve a secure environment – self-awareness of what constitutes regular communication from suppliers and vendors. What customers generally communicate to them and the ability to recognise when something is amiss e.g. an email received from a customer that computer has been compromised. Staff can recognise a phishing email when they see on, and even inform the affected party. That is the level or responsiveness and trust with in a small company with suppliers and customers.

Security Controls

Use your IT managed service provider for commercial, off the shelf solutions with sensible dashboards and simplified command and control. A good reseller will be able to guide you to solutions that fit these descriptions, more is not always better. Complicated platforms take may take more effort to maintain and understand.

Customer Relationships

You should also squeeze every drop of value you can from your relationship with your customers.  If you are asked to mitigate any risks on your report by a partner, embrace that process. You are getting expert opinions on how to simultaneously improve your cybersecurity and look more attractive to customers.  Remember, every risk you squash adds value to your organisation