How SMEs can constantly improve their cybersecurity profile

SMEs have a lot on their business plate, which is one of the reasons why security in general, and cybersecurity in particular, is normally a job that is left until later.

The Internet has changed SMEs in many ways. A mom-and-pop cottage industry can now be in the same league as a multinational conglomerate. They can compete at the same level, gain customers with well-thought-through social media campaigns and stay competitive because of their agility and resilience.

Although the Internet has created these opportunities, it has also exposed everyone to cyberspace and the cyber criminal. No one has been untouched by them: from a basic phishing attack through email to a concerted attack by a hacker, we have all been targeted in some way.

We all do a large amount of business on the Internet, and that business is going to grow in the future. With all of these opportunities comes the danger, and the added problem of how to protect yourself and your business as well as your customers, clients and staff. This is the conundrum that most SMEs face daily.

Business security is an ongoing process, and following that process allows an SME to build a more secure environment for its business. To most businesses, cybersecurity is not only hard to understand, it is also expensive to implement and resource intensive.

What is the best way forward? SMEs need a framework to implement better security. They do not just need another piece of hardware (a firewall, for instance); they need to be helped through and educated in the complete cybersecurity process.

There are four components of a complete cybersecurity framework: technology, management, adaptability and compliance. An SME can start anywhere, but with each addition the security of the business improves.

Let’s look at one facet of this process. As a business you purchase an expensive firewall. This is a good investment; if it is configured correctly, you now need to put some management around it. You can write Internet, email and social media policies and use the firewall to enforce them (this does depend on what you purchased). You need to set up alerts and monitoring on the firewall so you can see what both internal and external access is doing.

That’s the management; what about adaptability? Did you back up the configuration? Did you purchase a warranty? Have you documented and recorded the configuration? What redundancy is in place? These are all parts of the sustainability paradigm that have to be answered to make the business more robust.

Those are the technology, management and sustainability components; the last part is compliance. If you collect other people’s information, then in most places you have compliance requirements.

The information you gather for your business will depend on what compliance requirements your business has.

  • Names and addresses – relatively low security,
  • Social security / tax file numbers – higher security, and
  • Credit card, medical information and financial information – major security requirements.

There are also compliance requirements for specific industries. Furthermore, parts of the compliance component will then also tighten up the technology, management and sustainability components. Each additional component has an impact on the others as they all work to create a security envelope for your business.

So you can see that the process of adding technology creates a ripple effect: adding one component allows the business to integrate other systems, and these then have a positive impact on security. Business security is always evolving; all SMEs need to understand their security requirements so that they can keep their business safe.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisations using the principles of Technology, Management, Adaptability and Compliance.