One of the early steps a small business needs to undertake is the creation of a cybersecurity policy. This is not a trivial undertaking, and taking a look at the information below will undoubtedly make this project look daunting to the average small business owner. A good solution would be to find a cybersecurity professional with experience in policy creation and implementation and outsource this project to them.
Having the policy in place is one thing. The next step is to train your employees on the policy, explain the importance of cybersecurity to the survival of the business, and teach them how to recognize threats and what to do about them as they arise.
Your cyber action plan should include:
- Security roles and responsibilities – who is the go-to person(s) in your organization?
- Computer and Internet usage policy
- Social media policy
- BYOD policy
- Employee training on cybersecurity with emphasis on social engineering, fraud, phone scams, and phishing
- Malware protection
- A vulnerability scan or penetration test performed by a qualified cybersecurity professional
- Risk mitigation activities based on the findings of the security testing
This process will take some time and require a significant budget. Ideally, it should be an iterative process in which your cybersecurity team performs periodic reviews, provides continuing employee education, and suggests new strategies and solutions as new threats emerge. If you have been kicking the can down the road on this subject, the time to start is now. The likelihood that your business network is currently experiencing a breach without your knowledge is actually pretty high, and getting this project underway is one way to discover the breach and remediate it.