No matter what business you are in, the focus of the business will be on two things: making money and reducing risk. Although I cannot tell you how to improve your cash flow, I can help you reduce your risk, especially your cyber security risk.
The focus for cybersecurity is to ensure the data within the organisation has three properties: confidentiality, integrity and availability. In the last 5 years most of the cyber defence budget was spent on outward-facing security features, so firewalls, intrusion detection and VPNs were paramount. Little was done on the inside. If the front-facing systems were breached, there was little, if anything, that could be done to back up the initial protective systems.
The face of the cybersecurity paradigm is changing. Better cyber security results are occurring with a focus on a holistic approach. Holistic business cyber security is based on a total package and the integration of features that tighten up the security as they are added.
The technology component is still relevant and as important as ever, but so are the adaptability (disaster recovery, business resilience and culture), management (policy, procedure, process, auditing and training) and compliance (internal and external regulatory control) requirements of the security envelope.
Building cybersecurity systems into a business has always been an expensive component of protecting the business. The problem is that the alternative to protecting the business is not worth contemplating.
A breach will ensure loss of business integrity as well as a loss of trust. Your clients will go elsewhere if the protection of THEIR information is compromised. That, in addition to the compliance and litigation components of a breach, can make survival very difficult for a business or entity.
Building a cybersecurity profile on a holistic approach will ensure that each additional piece of the protection envelope will support previous purchases as well as future expansion. The addition of a better cybersecurity policy (management), enforced by the firewall (technology) and augmented through cultural awareness, is more secure than just adding the firewall.
Making the change to a holistic approach requires a different mindset. Yes, the large payments for technology are still going to be there, but smaller investments in training and changing the business model will have a far greater impact on the security of an SME than previously thought.
Consider, for instance, the business policy level. A new staff member has to complete a 5-part self-paced course that covers things like:
- Complicated passwords
- Mobile devices
- Intellectual property
- Social media
When they join, they cannot come off probation until they pass the course and receive a certificate of completion, so that they can then sign the business's security policy.
This achieves one thing and one thing only: it brings the user to a level of understanding at which they will invariably protect themselves. This personal protection will flow on to the business. Because the course ensures a higher level of cybersecurity within the business from the start, the other components of the security envelope provide better and more in-depth protection.