Cybersecurity 1 – Beware – the hackers don’t go home at 5…


Written by Barry O'Gorman

Independent Business Advisor - Business Advantage through Technology (Strategy, Commercials, Transformation).

Post Date 14/03/2024

The hackers don’t go home at 5…

Businesses have gone digital – staying paper-based is no longer an option. A business’s data is one of its most valued assets. We see large enterprises implementing comprehensive cybersecurity frameworks.

Small business and cybersecurity

How do these cybersecurity steps scale to a small business (say fewer than 25 employees, less than €1m turnover)? If you have digital assets you need to protect them. But where to start?

You are another target on the web for any hacker out there.  The implications for you of any such attack may range from financial losses to reputational damage to closure of your business.  You may not have the resources available to you to recover from a significant cybersecurity attack. And insurance is not the answer (even if you can get it and can afford it).

Cybersecurity risks

What are the cybersecurity risks to your business?

  • Ransomware Attacks: Malicious software that locks you out of your system and data until you pay a ransom.
  • Phishing Scams: Efforts to steal sensitive information via emails and messages.
  • Insider Threats: Risks from your employees or your contractors misusing their access on your systems to harm your business.
  • Supply Chain Vulnerabilities: Cyber risks in respect of third parties on whom you depend, e.g. service providers, software providers, etc.

You need to:

  • understand the significance of cybersecurity and the emerging risks to your business, and
  • implement robust protective measures to safeguard your assets and the continuity of your business

There are a number of excellent frameworks to assist you in developing a comprehensive cybersecurity defence.  And there is an ever-increasing list of vendor products.  But what should you do first?

Top 7 Cybersecurity Recommendations

  1. Strong Password Policies and Multi-Factor Authentication (MFA) – Use complex passwords and MFA to secure user identities and enhance defense mechanisms.
  2. Regular Updates and Patches – Maintain up-to-date software and operating systems to protect against known vulnerabilities – apply patches on a timely basis.
  3. Employee Cybersecurity Training – Raise awareness with all your employees and contractors on cybersecurity best practices, including recognising phishing attempts and the requirement to protect sensitive data.
  4. Regular Data Backups – Backup critical business data in a secure, off-site location to minimise the impact of data loss.
  5. Comprehensive Security Suite – Deploy a security software offering that includes antivirus, anti-malware, firewall, and web filtering to protect against various threats.
  6. Limit Access to Sensitive Information (‘need to know’) – Apply the principle of least privilege, ensuring that employees have access only to the data necessary for their jobs.
  7. Incident Response Plan – Develop a plan to address potential cyber incidents and regularly conduct drills to test scope and readiness.

Is this all?

No – and far from it.  But, in the first instance, make sure you have these seven steps covered off. 

Lots more to be considered – including the various frameworks (ISO 27001, CIS Controls, NIST Cybersecurity Framework), Zero Based Trust, End Point Security, Security Incident and Event Management (‘SIEM’), Security Operations Centres. 

You depend on your information systems. Your employees, customers, partners, regulators and shareholders have expectations of you with respect to protecting these assets. When you go home the hackers don’t. Review the seven steps as an immediate initiative – then a broader risk assessment may inform or direct further actions.

 

 
