When it comes to cybersecurity, the worst thing you can do is run out and try to buy your way out of worrying about it. As we hear time and time again, security is a process… NOT a product. Applying any sort of technical safeguard BEFORE you know the risks you are susceptible to is just plain silly.
Besides, security is more than firewalls and antivirus. It is about risk mitigation, NOT risk avoidance. And every business out there will have a different tolerance for risk. The best way to tackle cybersecurity is through a strategic approach which includes plans to secure existing systems and keep your business going forward.
Now, this is a perfect opportunity for IT Service Providers to engage in professional services with your clients. You can help evaluate your client’s current cybersecurity posture and create a plan on how best to handle it, producing the appropriate guidance to help reduce risk to an acceptable level for them. And, it helps you to produce a deployment schedule where you can offer guidance on how to best do that, and help to gain business alignment on the deployment of technical safeguards in the future as appropriate.
To help you along the US Federal Communications Commission created the Small Biz Cyber Planner that can help you do just that. You can find it at www.fcc.gov/cyberplanner. Use this tool to create and save a custom cyber security plan for your client, choosing from a menu of expert advice to address your client’s specific business needs and concerns.
As you create the cybersecurity plan and tailor it for your customer, make sure you focus on three key areas:
- Prevention: Solutions, policies and procedures need to be identified to reduce the risk of attacks.
- Resolution: In the event of a computer security breach, plans and procedures need to be in place to determine the resources that will be used to remedy a threat.
- Restitution: Companies need to be prepared to address the repercussions of a security threat with their employees and customers to ensure that any loss of trust or business is minimal and short-lived.
While you are generating the template for this plan at the FCC, make sure you also download their Cybersecurity Tip Sheet. It provides ten simple cybersecurity tips for small businesses. Just remember the most important part of Tip #10.
“Consider implementing multifactor authentication that requires additional information beyond a password to gain entry.”