The front door is not the only way in. 75% of cybersecurity problems come from the insider threat

The cybersecurity problems of small and medium businesses and not-for-profit organisations are among the least examined problems within the organisation. Although cybersecurity protection is a holistic process, most SMEs make the connection to the internet, and how to protect it, their main focus.

This is not a good idea. Using technology to create a cybersecurity envelope for your business is only one component of a larger framework. The following have to be thought through to protect your business.

Front-facing systems like firewalls, wireless, VPN and intrusion detection all have their place in the final mix for your business cybersecurity, as do your operating systems, applications and endpoint protection systems. Although these components are the most expensive in straight monetary terms, they are only a small component of creating a highly reactive and protective system around your business.

The other components are normally more important but less visible. Your cybersecurity envelope has to protect your business assets, but it also has to allow the organisation to function as a business with minimal impact on the business itself. This is a fine line to walk, and keeping all of the balls in the air can be a full-time process.

The other components can be broken down into three other areas. These areas are management, adaptability and compliance.


The management of your business cybersecurity comes down to visibility. You, as an owner or manager, need to see what is going on. This doesn't mean that you have to micromanage your business, but it does mean putting systems in place to increase that visibility.

This is achieved with policy, procedures and processes, auditing and training. All of these systems are bundled together under the concept of best practice.


Given the Darwinian theory that if you do not adapt you die, the adaptability component looks at the business's capability to recover from a problem. It looks at risk management, business continuity and disaster recovery. It also looks at business resilience and the culture within the business.


We all have compliance requirements. Everyday people without a business have tax compliance requirements; rates and taxes are your everyday compliance requirements. A business has a lot more, but they all have to be recognised and complied with.

Integrating all of the components into your cybersecurity protection focus allows the business to operate at 100% as well as allowing the business to protect its users, clients and data at the highest level possible.

The final component is common, or uncommon, sense. Cybersecurity is a fine line to tread, but it has to be tempered. There is no use having complicated passwords, 12 characters long, that have to be changed daily and cannot be repeated for 10 passwords, without having a logical reason for doing it. The first reason is that, human nature being what it is, it will annoy everyone; the second is that the passwords will be written down somewhere, defeating the reason for having them in the first place.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.