How can a SMB establish an effective cyber-security plan?


I don’t work at a huge company with lots of resources at the moment. There are only a few of us here, and we all wear a lot of different hats. There isn’t a dedicated IT department, there are just a handful of people trying to make a small business successful. That said, we are all aware that we face risks and need to take cybersecurity seriously to protect both our company and the privacy of our customers. We also know the obvious basics - use up-to-date antivirus software, make sure other software is patched, etc. Beyond that, what should we look at doing to establish a more secure environment and protect our data?

Topic: Security
Answer this Question


4 total
Christopher Nerney
Vote Up (8)

In January, for the first time ever, more Internet traffic was generated by mobile apps than PC browsers. That trend will only continue, so my advice would be to develop a mobile strategy that includes managing devices and apps with an eye toward security. Pay particular attention to the permissions requested by the apps your mobile workers use.

Vote Up (7)

I agree with Chris on this. You probably already have the PC end of it take care of, but the mobile situation might be different entirely. So focusing on that and developing a sound mobile security strategy is a must-do these days.

Vote Up (6)

For concrete examples and an action plan, check out the 80/20 Rule of Information Security that my team did as a public service to the community. You can find it here:

It is something we did to try and give back to the security community. It has a specific set of initiatives that your organization can undertake to build an effective security program.

Questions, drop me a line on Twitter for help.

Vote Up (6)

The California AG’s office recently published some guidelines to help small businesses increase their awareness of security threats and help mitigate those risks. Most of it is fairly common sense, but they are still valid points. Here are the 10 points (and THIS is the link to the full publication that expands on the basic ideas.):

1. Assume you are a target.

2. Lead by example. 

3. Map your data.

4. Encrypt your data.

5. Bank securely.

6. Defend yourself.

7. Educate employees. 

8. Be password wise.

9. Operate securely.

10. Plan for the worst.  

Ask a question

Join Now or Sign In to ask a question.
Former U.S. Secretary of State Hillary Clinton called for a "global compact" on surveillance and the use of collected data, saying the U.S. isn't the only country that does it and American technology companies are unfairly targeted for the government's actions.
Electric carmaker Tesla Motors wants security researchers to hack its vehicles. The Silicon Valley based high-tech carmaker will hire up to 30 full-time hackers whose job will be to find and close vulnerabilities in the sophisticated firmware that controls its cars.
Two recent vulnerabilities are examples of problems that could have been avoided if we had just applied the lessons already learned in similar contexts.
Windows XP users may now download a fourth service pack for the 13-year-old operating system, but it isn't coming from Microsoft.
The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.
Email addresses and encrypted passwords of around 97,000 users who tested early builds of the Bugzilla bug tracking software were left exposed for three months following a server migration.
A U.S. Federal Bureau of Investigation spokesman said Wednesday the agency is working with the Secret Service to determine the "scope" of reported cyberattacks against several financial institutions.
A payment card industry security consortium warned retailers on Wednesday of the urgency to secure their systems against "Backoff," a malicious software program that steals card numbers.
Based on data gathered over the first six months of 2014, security researchers from IBM X-Force predict that the number of publicly reported vulnerabilities will drop to under 8,000 this year, a first since 2011.
Join us: