Learn How you Can Put a Cyber Security Plan into Action for your Business

‍

Cyber-attacks are a growing concern for small businesses. According to the FBI's Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2020 alone. Small businesses are attractive targets because they lack the security infrastructure of a larger organization. According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber-attack. Many businesses can't afford professional IT solutions and have limited time to devote to cybersecurity, or they don't know where to begin.
I spoke to a local Cyber Security Company, Interactive Security and they shared with me a Proactive Cyber Security Plan you can put in place.  

1. Evaluate your current cybersecurity posture
2. Risk assessment – using a qualified third party to assess your organization (ideally using an industry-standard framework such as NIST, CIS, or ISO). However, a broader more generalized assessment may be adequate for smaller organizations.
3. Identify gaps
4. Remediation of gaps – fix what's missing or broken. Gaps fall into 2 categories:
5. Policy and Procedure development & implementation
6. Proper implementation of IT Systems and Tools
7. Documentation – organization's cybersecurity program (policies, procedures, IT systems & tools, personnel, training, 3rd vendor management) must all be thoroughly documented, properly implemented, consistently updated, and maintained.
8. Maintenance – cybersecurity is not a "do it every so often" or "set it and forget it" task, but rather it's a living breathing practice that must be actively maintained.
9. Testing via internal and external assessments
10. Education of all staff including responsible stakeholders & senior management inside and outside of IT
11. Review & update consistently
12. Don't assume somebody else is doing it or your organization doesn't need it
13. MSP's and internal IT staff are not always focused on your cybersecurity or their proposals have been rejected over time
14. Every organization regardless of size, industry, type of data held, needs to prioritize – its possibly their biggest business risk today

It is important that as a leader of an organization you start by learning about common cyber threats, understanding where your business is vulnerable, and taking steps to improve your cybersecurity. Interactive Security can help you along the way. Contact them at sales@intactsec.com.


Margherita C. Amplo
MCA Consulting Services, LLC.
margherita@mcacs.us

‍