In the first and second posts of this three-post series, we looked at the essential “must-haves” of small business cybersecurity, and then at a more advanced list of “better-haves.” In this final post we will look at some advanced concepts and planning that are typically part of the cybersecurity process at larger enterprises. For a small business owner, this may seem like a lot to go through, but again, working with a cybersecurity professional or a firm that specializes in this would be best. They have been through the process before with many other clients, and it is simpler for them to complete these tasks than it would be for you to undertake them yourself.
Here are the final 3 steps in creating your cybersecurity plan:
- When considering the costs associated with your cybersecurity program, compare them to the losses you could sustain in the event of a breach. Loss of funds from a compromised bank account is easy to calculate, but consider what the loss of proprietary information, plans and processes could cost your firm. Loss of customer or employee personal data could result in identity theft, lawsuits and hefty regulatory fines. Average losses to businesses in the US from cybercrime are about $1500 per employee. If you can reduce this amount in your business through a cybersecurity program, this is where you find your budget.
- Develop a contingency and disaster recovery plan. In the event of a cybersecurity breach or other network-impacting event, have a plan in place for quickly recovering your business operation. Don’t limit this exercise to cybersecurity considerations; plan for fire, flood, burglary and other theft as well. You need a complete inventory of all the computers, servers, printers, and other network devices, of course, but a complete inventory of other physical assets will also be needed in the event of insurance claims. Store a copy of this document off-site.
- Develop a policy manual covering computer and network use and cybersecurity, and train your staff on it, especially any new hires. Here again, both the policy creation and the training piece may be best assigned to a specialist in the field.
So that wraps up our series on business cybersecurity. If 2015 is the year you are going to take this issue seriously for the first time, this article and the NIST monograph linked below are a great place to start.