Cyber attacks targeting small businesses have grown, and these businesses often lack the resources to defend against devastating attacks such as ransomware. As a small business CEO or CIO, you have likely come across outdated security advice that does not help prevent the most common attacks. The security landscape has changed, and your cybersecurity knowledge needs to evolve with it. Here are 5 tips to get you started:
Establish a culture of [cyber] security
Talking about cybersecurity with leadership and staff, communicating cybersecurity program initiatives in your regular communications, and setting measurable quarterly cybersecurity goals are just a few examples.
Hire a vCISO or part-time CISO
Due to the ever-changing nature of the cybersecurity threat environment, consider having a part-time CISO (vCISO) on retainer to assist your organization with all cybersecurity initiatives. A vCISO can lead your staff in developing a disaster recovery plan (DRP), an incident response plan (IRP), an Acceptable Use Policy, a Cybersecurity Policy, Remote Access requirements, etc.
Develop and implement an incident response plan (IRP)
An incident response plan (IRP) has different objectives depending on who writes it. If IT is the author, the IRP will focus on service restoration. Investigating a cyber incident, and potentially conducting a forensic investigation, is a cybersecurity function, and this is where a vCISO can assist your organization.
Perform regular tabletop exercises
Regular simulation exercises, such as tabletop exercises, will condition your team to respond appropriately to incidents.
Support IT Leaders
There are situations where the support of a vCISO, CIO, and CEO is critical, especially since a good cybersecurity program requires the help of every staff member in your organization. For example, don’t rely on the IT team to persuade busy employees to use Multi-Factor Authentication (MFA); instead, have your vCISO or CEO make the announcement.
Author: Dr. Bill Souza | Jul 28, 2022