If you want to protect your business from cybersecurity threats understanding best-practice cybersecurity habits are vital to ensure your business’s welfare.
New research by PwC indicates that a growing number of Australian SMBs are intensifying their cybersecurity. The 2018 report The Global Importance of Cybersecurity Awareness states that small businesses are becoming more cybersecurity-minded due to high-profile ransomware attacks, data breach disclosure laws and the scrutiny larger organisations are directing at smaller business partners and suppliers’ security.
There’s no definitive or permanent solution to cybercrime but here are five fundamental actions you can take to significantly improve your company’s capacity to protect itself.
Have a cybersecurity policy
An effective cybersecurity policy helps ensure your employees are clear about information sharing protocol, appropriate device/internet use and treating sensitive information.
SMBs with a meaningful cybersecurity policy typically outline to employees guidelines covering areas such as employee password management, social media access, acceptable use of personal devices, data storage, email safety and software updates.
By creating your policy document and ingraining it in your company culture, you’re already better guarded against cyberattacks, compliance violations and legal issues than the many companies who don’t.
Download the Cybersecurity Special Report
Discover how your small business can be better protected from cybersecurity threats
Identify Risks and Weaknesses
There are various self-assessment tools online to help you identify how vulnerable your business is to a cyberattack. The Cyber Security Risk Self-Assessment Tool is an online questionnaire you can complete in about 20 minutes to better understand how likely a target your business is and how advanced your current cybersecurity practices are.
Cybersecurity threats to investigate might centre on malware protection, email filtering, password management and incident response preparedness. It’s also good practice to audit how responsible your employees are with ICT practice and benchmark against other businesses.
Human error is a factor in many cyberattacks. One of the keys to minimising this is to provide employees with cybersecurity awareness training.
Stay Smart Online is one of many valuable online resources to provides tips on cybersecurity awareness training. Some of these include:
- Identity who in your business is going to lead cybersecurity awareness.
- Include cybersecurity awareness training in new employees’ induction.
- Disseminate free resources such as Stay Smart Online’s My Guide, which has a range of valuable educational tips around areas such as passwords, privacy and safe internet surfing.
- Share experiences of real-life security incidents over team meetings.
You can also complement employees’ cybersecurity awareness training with employee incentives, employee evaluations and live training drills.
Spending on technology isn’t the panacea for cybercrime but it definitely helps. But how should you spend? Cisco’s 2018 Annual Cybersecurity Report highlights that almost half the security risk SMBs face is attributable to having multiple security vendors and products. Many SMBs who opt for single-vendor security solutions also complement these with cloud-hosted security solutions.
Last year, Gartner forecast the total worldwide market value for cloud-based security services would increase US$4.8 billion in 2016 to almost US$9 billion in 2020. The report indicates that organisations consider email security, web security and identity and access management (IAM) to be the biggest cloud-based cybersecurity objectives.
An established cloud security solution offers SMBs the potential to access security controls that are delivered, updated and managed through the cloud. This translates to implementation and maintenance that’s faster and cheaper.
Measure cybersecurity effectiveness
You’ve introduced a cybersecurity policy. Your staff is trained up on it and you’ve embedded the policy into the fabric of your business operations. It all seems to signal you’re on the right track to strong cybersecurity. But the best way to know for certain is to actually measure the effectiveness of your cybersecurity.
Barometers to keep in mind include employee completion of cybersecurity training, reported incidents, cost of incidents, downtime incurred and the time required to resolve incidents. Data should be precise, relevant, easy to understand and readily accessible.
As Cisco highlights in its latest research, cyberattackers are continually adopting new ways to break cybersecurity barriers, so your security technologies and strategies should continually adapt.
Discover how your small business can be better protected from cybersecurity threats. Sign up for a free trial of Cisco Umbrella.