The SME has to protect itself and ensure that it does not lose data, it needs to protect their staff and clients and finally ensure that their business does not get tarred with the “security breach” brush.
SME’s usually have a different focus when it comes to the protection of their systems.
True cyber security protection as understood by government departments, large organisations and security oficianadoes is based on 3 criteria.
Confidentiality, integrity and availability, but more importantly they have to be in that order.
A government departments requirement is to make sure that the information and data is kept confidential and ensure the integrity of that information, only when those 2 requirements are met do they worry about availability.
This is one of the reasons that getting information for public servants to do their job is so difficult and why they always seem to do nothing.
They have a built in system that stops them from doing anything slightly outside their corporate requirements, but I digress!
For an SME, these three requirements in that order would make doing business very difficult if not impossible.
For them availability is key, but by changing the hierarchy they now expose themselves and their data to being compromised by internal and external forces.
Furthermore It makes it very difficult for these organisations to keep the integrity of their business data because of the availability requirements.
As a small organisation, how do you protect your data and make sure that it does not fall into the wrong hands? This at times can be difficult. Fundamentally the business requirements, especially the process of generating revenue and increasing profits, always out weigh the security requirements.
This is the fundamental error in the business thinking and why SME’s are so vulnerable to opportunistic cyber attacks.
There are a number of systems that can be put in place to protect SME business data, their staff, their client and customer information and in doing so increase their revenue and their profits. Business security is not a drain on resources but some of the associated costs need to be tempered with wisdom and common sense.
Yes it is nice to have the latest security widget, the one the salesman told you would fill all of the security holes that he pointed out to you, but if you have your users using “password” as their system access then it is not going to protect you very well at all.
So before you spend $10K to $20K on a security widget make sure you have the following fundamentals in place:
- Some level of staff education
- You have put policies, procedures and processes in place to lift the security awareness of your staff. This includes a decent password and internet policy!
- Some type of data auditing so that you can see who is accessing what data
- Business continuity and disaster recovery plans as well as doing a risk analysis on your business.
- Anti virus, anti spyware and anti malware applications installed and updated
- Operating systems and business applications are updated regularly
- Look at your business compliance requirements and make sure that you are following the rules.
Get these right and you have already increased your protection level. These are basic business, cybersecurity requirements, but they are usually the last thought prior to that large investment in new technology.
Get them right and the impact of that high priced security widget will be 10 to 100 fold.
It will enforce you policies, protect your business and make sure that your customer information is safe.
Furthermore you may not need to make that huge investment.
So as an SME where is your cybersecurity and business protection? have you done the basics? Do you want help in creating a secure business environment prior to making that huge investment?
Is so contact us and we will help you get to that level with our security framework.