Small Business Cybersecurity Toolkit - Part 1 of 2

Cybersecurity is one of the top considerations and should be treated as part of the cost of doing business. Small companies are often left with little or no information, abilities, or resources to protect their investments. Implementing best cybersecurity practices can be a challenge for most small companies; however, organising system-wide actions can save time and money and protect a company’s reputation against cyberattacks. Creating a cyber readiness culture means that everyone in the company must be educated and on board with the information and the response plans to follow in the event that a breach or attack is detected.

Owner/Leader/Management:

It is up to top management and/or the owner to lead the charge in working with internal staff to develop a cybersecurity strategy. Directions on priorities must be clear so that everyone follows through and reports back on status.

  • Have a professional company do an analysis of any unique cyber risks.
  • Both IT employees and Service Providers must be involved in education and updates on basic cybersecurity for the business.
  • Assign specific tasks to IT, and designate others to trusted relationships with sector partners.
  • Create cybersecurity policies with reviews and updates on a monthly basis.

The Employees/Staff

All staff members must maintain a high level of security vigilance and awareness. Bring professional companies in to educate employees on the various types of breaches and cyberattacks.

  • Training of staff should include basic cybersecurity terminology and the actions/reactions needed to implement cybersecurity best practices.
  • Create a company environment that encourages staff to make good online choices.
  • Educate employees on the risks associated with cybersecurity, including compromised emails and phishing.
  • Use professional associations, private sector, and academic institutions for access to additional training resources.
  • Assign or hire specific employees dedicated to current cybersecurity events and alerts for threats within your business environment.

Your Company Network System

The infrastructure of your business network is the heart of your operations. Detecting any cyberattack or breach requires specific actions for protection.

Management and Supervisors should receive constant updates on the integrity and status of the network. They should also be advised of where the critical information resides and which applications within the network store and process information. They should work with the IT staff to create security protocols around each of the critical areas, which might include everything from customer data to proprietary information.

Service Providers and IT Professionals will carry a larger percentage of the load in detection and protection of the network.

  • Create a detailed inventory of all hardware and software, and designate which areas are at risk of a cyberattack.
  • Complete a detailed list of all automatic updates for all of the operating systems as well as all third-party software.
  • Put in place secure configurations for all assets involving software and hardware.
  • Get rid of all unauthorised or unsupported software and hardware from the system.
  • Configure security settings in email and web browsers to protect against insecure webpages, emails that have been modified, and spoofed emails.
  • Establish application integrity by developing whitelist policies that allow only approved software and hardware to be added to the system.

Your Digital Workplace

Maintaining an organised digital environment that protects your company means allowing only authorised access.

Managers and supervisors need to have strict policies in place to make sure that only authorised users have access to your digital workplace and that all former employees, staff, and outside vendors are removed. They should create access levels for privileges that not only restrict those who don’t need upper-level access but also provide a trail showing who operates within the system and at what level of authorisation.

Service Providers and IT professionals need to maintain diligence and do the following:

  • Report on who is operating within the network, with consistent reports on user accounts, business partners, and vendors that may have access.
  • Require multi-factor authentication for all administrative privileges and offsite/remote access.
  • Limit administrative permissions to those that absolutely require them.
  • Make use of unique passwords that are alphanumeric and require that they be changed on a regular basis.
  • Follow through with immediate removal of any users that have been transferred or terminated.

Sources:

CISA.gov