Bezpieczeństwo IT

A 5-Step Security Plan Every Business Can Start Today

Introduction Strategy

1. On security, think bigger Strategy
2. Take small steps on security today, bigger steps as soon as you can Strategy
3. Understand the threat from within Strategy
4. Be vigilant Strategy
5. Prepare for the worst

Strategy 1 – On security, think bigger

Some businesses wonder if they are big enough to even be noticed by hackers. This idea persists because newsworthy cyberattacks happen to very large companies – that’s what makes them newsworthy. When a large company has a data breach, thousands or millions of people are impacted. When a small business has
a data breach, the impact is less, and we rarely learn about it.
But cyberattacks on small and medium-sized businesses are
just as common as attacks on larger corporations.

Take the action

Become a small company with a big-company attitude on security. This isn’t about budget. It’s about awareness and mind-set. Take action Adopt a security-aware approach. This means looking at security in the same way you look at getting things done – you just do it. Become a small company with a big-company attitude on security. This isn’t about budget. It’s about awareness and mind-set. Take action Adopt a security-aware approach. This means looking at security in the same way you look at getting things done – you just do it.

1. Assign IT security responsibilities to someone with the interest and aptitude to take on the tech. This might be the person in charge of rolling out new software across the company, or it might be someone on your engineering team who wants an opportunity to grow.
2. Train your employees on security best practices. Keep the trainings rolling every six to 12 months so the topic stays fresh in their minds.

Strategy 2 – Take small steps on security today, bigger steps as soon as you can

If you’re worried about spending money on cybersecurity today, consider this: you might not have the budget for recovery from a cyberattack. Of businesses that lost access to their data for three months or longer, only 35 remained profitable.3 The truth is that some of the most powerful security moves you can make don’t cost anything. And you don’t have to be an expert to implement them.

Take action

We’re not saying you shouldn’t invest in your company’s cybersecurity. You absolutely should. But there are some low or zerocost things you can do to strengthen your defences immediately.

1. Educate your people on smart password best practices, and ensure they’re enforced. That means making sure passwords are longer than eight characters, not writing down passwords and making sure they’re different from personal passwords.
2. Update software regularly. Those prompts for software updates should never be ignored. Many involve security patches that you wouldn’t otherwise get. Make sure anyone working on a company computer enables automatic updates, and doesn’t delay them when the updates are prompted.
3. Review usernames and passwords for the more public devices in the office – routers, copiers and other Wi-Fi connected devices. Hackers often know the default passwords.

Strategy 3 – Understand the threat from within

Smaller businesses prioritise defence against outside threats. This is appropriate. But given the number of security events tied to employees, and the increased vulnerability of more employees working remotely, you run the risk of underestimating the threat from within. Not all internal breaches are intentional, and we can’t always predict how an employee will behave. In fact, 30% of security events are attributed to careless or uninformed employees.

Take action

Preventing accidental or intentional breaches from the inside takes a two-step effort.

1. Since many threats come through email, it’s easy for an employee to unknowingly share a virus with co-workers. Make sure your software provides comprehensive protection against malware, spyware and viruses across email, applications, the cloud and the web.
2. Use an identity and access management solution, such as Azure Active Directory (also part of Microsoft 365), which supports single sign-on and gives employees a single, secure identity for accessing network resources.

Strategy 4 – Be vigilant

It’s hard to imagine a cyberattack going unnoticed. Surely it would be obvious if data was breached or a hacker gained access to secure files. But it takes an average of four months to recognise that a cyberattack has taken place. Malicious actors have become increasingly sophisticated, so it’s not uncommon for them to stay hidden for weeks or months – continuously stealing more and more data and slowly increasing access to your accounts, devices and files.

Take action

For businesses that don’t have a big budget for cybersecurity, automation and intelligent solutions can increase your efficiency in detecting and thwarting attacks. Your security solution should: 

1. Have real-time reports on suspicious activities.
2. Have automated and intelligent alerts that don’t require a lot of tech expertise to decipher.
3. Integrate across your business assets, such as your routers, hardware, software, laptops and mobile devices.

Strategy 5 – Prepare for the worst

Whether your business has suffered a security event or not, uncertainty about what kind of attack might come and the scope it might have can keep you up at night. In the most extreme cases, businesses have closed due to an attack. But you can recover, and if you’re prepared, you can limit the losses.

Take action

There are nearly endless actions you can take to be absolutely prepared for any cyberattack scenario. But some of the simplest actions can give you the protection and defence you really need:

1. Back up critical data, preferably in the cloud, and have a system in place to do so regularly.
2. Schedule regular employee education on basic cybersecurity practices.
3. Implement a detection system to make sure that you are getting a comprehensive and real-time view of useful security data and activity