Action plan for cybersecurity

At a basic level, the introduction of an action plan to protect your business is a critical thought process that will have long ranging benefits.

So let’s start with the basics of the cybersecurity action plan.

Bright shiny object syndrome (BSOS)

Most of us have this tendency: a need to get the biggest and brightest thing that we want, even though it will deliver a reduced return on investment or, even worse, be useless inside of 2 months. This is something that you need to curb when in business. If your business has a need for cutting edge technology, bleeding edge ideas and the implementation of brilliant concepts on conception, then yes, you need to involve the BSOs, but for most businesses this is definitely not necessary.

For instance, most large organisations will implement new operating system roll outs after the release of the first service pack. In most cases this has saved considerable amounts of money, time and resources. There are a number of good reasons for doing this: new operating systems have limited support for old applications, they have limited support for legacy systems and legacy hardware, and in some cases they have not been completely tested in the working world. A case in point, and where most learned their lesson, was the ill-fated Vista roll out.

This reasoning can also be applied to the apps craze for hand held devices. Most apps that are developed for devices are only partially completed, some are missing critical components and others are missing functionality. If it is free to get you hooked then, for business, I would not recommend it.

No plan

Like most situations, when it comes to security for your business you need a plan. Any plan is better than no plan. The plan will change and morph the more involved you become in the process. Like a battle plan for your business, it has to be able to handle first contact with the enemy. Anyone trying to access your data, compromise your systems or steal information is the enemy.

Make a plan; it must include what you expect to achieve, with as many details as possible. A cybersecurity plan needs to focus on protecting your business (business continuity, disaster recovery, business resilience), protecting your staff and clients (firewalls, wireless and VPN), protecting your data (access, encryption), protecting your management team (reporting) and finally your external compliance. There is an overlap in all areas, and securing your business requires thinking each component through.

Change your thinking

One of the hardest things for people to do is to change their thinking with regard to most things. Most people are STUBBORN; their ideas are the only ones that will work. We are all guilty of it; some are more stubborn than others, but the problem still remains.

You need to listen, you need to read and you need to apply new ideas to your business.   These new ideas are critical to keeping up with your competition, but more importantly they allow your business to increase profits and revenue.  New ideas come from you, they come from your staff and they come from your customers.   At times you have to swallow your pride because some of those ideas could achieve returns that you least expect.

No “one” thing fixes all

I have been suggesting this for the last 18 months. There is NO “one thing will fix all” solution out there when it comes to cyber security. Cybersecurity is a process of applying small changes regularly to your business that increase awareness and increase your security level.

A new firewall widget is not the be all and end all of your security profile. Yes, it is a serious component that will cost you considerable amounts of money, but without other serious components in place it is just a small component of cyber security. A change in attitude or training or understanding can have far reaching benefits for your business, in some cases more far reaching than the purchase of a firewall to protect your Internet connection.

Follow the right people, companies and ideas

If your stubbornness is your problem, I have found that listening to others is a great way to change your direction. Look on the Internet, follow the right people and companies on Twitter, LinkedIn, Facebook and Google Plus. Be open to new ideas and concepts. Apply those concepts or ideas to your business. Make small changes while always protecting your revenue stream. Do not make wholesale and drastic changes on a whim, as it can have dramatic consequences.

So here is the action plan

  • Make a plan – any plan is better than no plan.
  • Implement the plan to the best of your business resources.
  • Get away from BSOs.
  • Change your thinking – your staff and customers want to see you succeed; your competition, not so.
  • There is no one fix – cyber security is a process of building a secure framework around your business.
  • Little changes have far reaching effects.
  • Get your information from the source.
  • Listen to the right people.

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.