The first step in cybersecurity for your business – do an inventory

For most small and medium businesses and not-for-profit organisations, cybersecurity is not second nature. For most it is not even an idea; it is just something that needs to be done when it is thought of. The newest virus or worm outbreak, the update to the newest iOS (because my iPad tells me to), the adding of a new user: these are all things that are done when they come to mind.

Most of the time SMEs are putting out fires rather than developing a comprehensive security framework. As a result, SMEs spend large amounts of time and effort with no plan or direction.

Why? The problem is that most SMEs don’t know where to start.

To really understand business security you first have to work out what needs to be protected. You need to do a security inventory: work out what needs to be protected, why it needs protecting and what level of protection needs to be applied to it.

To do that you have to ask the right questions, but you also need to understand your business. For instance, an in-house database (ACT) that contains all of your business contacts and your marketing and sales funnel is very important to your business resilience.

You need to make sure that only authorised people have access. You need to check at what level they have access. You need to control what they can do to the database: can they add contacts, add marketing plans, or copy and download the information contained within the complete system? You need to make sure that there is a disaster recovery and business continuity plan in place.

To gather all of this information you have to do an inventory of all of your business data.

That inventory tells you the following information:

  • what data needs to be protected,
  • who needs access,
  • where the data is located,
  • how long the data needs to be retained and
  • where the data is backed up to.

This is just the start of a cybersecurity plan, but it is one of the most crucial components. Without it you cannot build a cyber resilience plan around your business, protect that information properly or understand where all of the data is. That plan will help you protect your staff, your data and your clients from bad things happening and help you build trust across the whole of the business environment.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.