Many small businesses run a large part of their business over the Internet without any security features. Being online opens the door to potential risks and rewards. This document provides an overview of how to protect your organization’s information and networks in the event of a cyber-attack.
Simple safe steps are provided to educate your staff about information security practices.
- Security must become a part of the organization’s culture.
Cyber security and profitability goals need to be closely aligned and clearly communicated by elevating the conversation and educating staff about risks affecting the business.
- Evaluate and manage cyber security threats.
Identify critical assets and the financial, competitive, reputational and/or regulatory impact and exposure to the organization. Identify and develop policies and strategies to manage cyber risks to an acceptable level.
- Implement a risk-based approach; compliance alone isn’t enough.
A risk-based approach will produce more comprehensive and cost-effective management of cyber risks than compliance activities alone. Compliance requirements help to establish a good cyber-security baseline that addresses known vulnerabilities.
Cybersecurity is NOT implementing a checklist of requirements – it’s day-to-day policies and procedures that are the strategic framework of the organization. Managing these threats is constant and ever changing.
Response Plans and Procedures
- Incident response plans must be tested regularly to enable timely response and minimize potential damage. Identify strategic threats by analyzing, aggregating and integrating risk data from various sources and sharing insights with partners in order to improve the security framework.
- Cyber threats constantly evolve with increasing intensity and complexity, potentially causing costly downtime to on-going business operations and supply chain. Compromised intellectual property and customer data may result in reputational damage to the organization’s credibility and trust.
Basic Steps to Creating a Secure Network
- Antivirus software is a MUST. Antivirus software detects and removes malware, including adware and spyware, and filters out potentially dangerous downloads and emails.
- Firewall Administrative Settings – Protect your network by restricting access to select websites. Configure settings to block staff from sending proprietary data and specific types of emails outside of your network. Administrative access should be limited to key personnel and IT staff.
- Create a Cyber Security Framework. Develop a clear security policy plan that designates which individuals have access to which types of sensitive information. Provide clear direction as to how staff and vendors must process critical proprietary and client data.
- Back up Essential Data Every Day. Back up your organization’s data automatically, using a combination of cloud and off-site backup.
- Encrypt all data. Encryption is essential to protecting personally identifiable information (PII). Encrypted data is rendered useless to anyone without the authorized access codes.
- Update Wi-Fi Network. Wi-Fi Protected Access version 2 (WPA2) is widely recognized as the most current and secure encryption available.
- Mandate Security Policies for Mobile Devices. Remotely track devices’ SIM cards, back up data and remotely lock devices that are lost or stolen. Require employees to create passwords for their devices and to report security breaches.
SOURCE
The Department of Homeland Security (DHS) is responsible for safeguarding our nation’s critical infrastructure from physical and cyber threats that can affect our national security, public safety, and economic prosperity. For more information, visit: www.dhs.gov/cyber. To report a cyber incident: https://forms.us-cert.gov/report/ or call 888-282-0870.
(Andrew Ciccone is President of Hudson Valley Public Relations. Hudson Valley Public Relations Optimizes Connections and Builds Relationships — specializing in content marketing. Andrew can be reached at (845) 702-6226 or andrew.ciccone@hudsonvalleypublicrelations.com.)