Cybersecurity Essentials for Small Businesses

Jun 30, 2023 | Listen

Cybersecurity Essentials for Small Businesses

As a business owner, growing your company – and maybe not cybersecurity, is your priority. You’re probably busy building your brand, attracting new customers, and increasing revenue. However, it is crucial to recognize the potential cyber threats accompanying such growth.

Imagine the devastating consequences of data theft, sabotage, and security breaches that have the power to derail your business completely.

So how protected is your business from cyber-attacks?

In this episode, cybersecurity expert Bryant Tow and I explore the necessary steps to take if your systems are compromised. He also provides invaluable insights on protecting your business from the ever-present danger of cyber threats.



Timestamps for this week’s episode

  • 02:00 Cybersecurity breaches in small businesses are found in their processes and policies

  • 06:03 Preparing for Cyber Extinction: The Incident Response Process

  • 14:31 How to create a Cybersecurity Plan for your small business

  • 34:10 Actionable steps to take to build a strong cybersecurity foundation

  • 39:14 Understanding your business processes can save you money on cybersecurity investments

Cybersecurity breaches in small businesses are found in their processes and policies

The majority of headline breaches originate from process, policy, or people.

While technology vulnerabilities are important to address, it’s vital to understand the business first and prioritize steps to protect it, such as conducting a business impact analysis.

This will enable businesses to make the right decisions with their technology while understanding all the potential access points (or the keys to the kingdom), which is key to protecting against cybersecurity breaches.

Most people don't realize that when you do the root cause analysis on any of the headline cybersecurity breaches, nearly all originated in the process, in the policy, and in the people.

Preparing for Cyber Extinction: The Incident Response Process

Every business, big or small, should have an incident response plan and process to handle cyber attacks.

This plan should be a technical solution, process, and part of the organizational structure.

It should ideally include the following:

  • Identifying a cyber incident response team that involves executives, HR, IT, PR, legal, and other relevant departments
  • Running mock cyber ransomware attacks to help identify the necessary actions and decisions

Having a plan in place can help turn a potentially catastrophic event into one that is an easily fixed annoyance.

“Having an incident response plan to protect your business takes that ‘running down the street with your hair on fire’ moment, and turns it into an eye roll rather than a catastrophic event that could potentially ruin your business.” – Bryant Tow

How to create a Cybersecurity Plan for your small business

  • Establish a cybersecurity plan to mitigate risks.
  • Involve roles like HR, legal, and PR in the plan.
  • Consult an attorney and cyber professionals for guidance.
  • Reliable IT management providers can also proactively address outages.
  • Plan the recovery process for breaches and identify necessary steps.
  • Consider dark web investigations if required.
  • Involve executives, HR, IT, PR, legal, and law enforcement in the plan.
  • Make informed decisions about making payouts in case of ransomware attacks.
You need to find a seasoned veteran, somebody that understands security from the business level and what business impact analysis means, not a technical person that's going to throw a tool at you.

Actionable steps to take to build a strong cybersecurity foundation

The next immediate and actionable step you can take within the next week or two is to find an experienced cybersecurity professional who will understand security within the context of your business first and not just the technical and technological aspects.

Simply having highly available technology doesn’t ensure smooth business operations. For instance, considerations like managing a workforce and making practical decisions are crucial when dealing with incidents or continuity plans.

It’s about finding the right balance between technical solutions and practical implementation for a comprehensive cybersecurity approach.

Understanding your business processes can save you money on cybersecurity investments

Cybersecurity conversations should focus on understanding the business impact and doing the right things to protect the business.

They are not just about zero-day vulnerabilities.

Protecting the business involves helping companies make the right technology decisions, understanding how technology can protect the business, and conducting business impact analysis.


Summary

  • To succeed in guest podcasting for business development, it’s crucial to use a proven system, target the right podcasts, and understand your goals and audience to convert listeners into leads.
  • A well-structured incident response plan involving multiple departments and mock ransomware attacks can turn cyber incidents from potential catastrophes into manageable challenges for businesses of any size.
  • Creating a cybersecurity plan entails engaging key management personnel and roles, seeking professional guidance, strategizing for potential breaches, and making “go or no go” decisions regarding ransomware attacks.
  • Find and work with a knowledgeable cybersecurity expert or consultant who can approach your security from within your business versus just offering new tools or other technical solutions.
  • Understanding a business’s specific needs and risk management is crucial before investing in expensive cybersecurity measures that may only protect a small percentage of your company’s data and systems.

Transcript

Read More

About guest – Bryant Tow

Chief Security Officer, Author, Speaker

Leapfrog Services

Bryant is the Chief Security Officer at Leapfrog Services. For over 25 years, he has held responsibilities as an entrepreneur and senior executive in all aspects of risk management, including thought leadership in cyber security, award-winning development of security solutions, and managing large global cyber and physical security teams.

He has also held executive leadership positions in multinational consulting firms and has been involved in several startups. Recently, he was the Chief Security Officer for CSC’s Financial Services Group and was responsible for securing 143 applications in 52 countries.

Bryant’s leadership positions across the security industry include the Department of Homeland Security Sector Coordinating Council, ISSA, and ISACA, and as a board member and vice president of InfraGard National Members Alliance.

He is recognized as a Distinguished Fellow by the Ponemon Institute, the industry’s leading research organization.

He has also published several books and articles on cybersecurity topics and has received several awards, including the Governor’s Office of Homeland Security Award for Exceptional Contribution in Recognition of Outstanding Support of Tennessee’s Counter Terrorism Program.

Website: https://leapfrogservices.com/

LinkedIn: https://www.linkedin.com/in/bryanttow/

Instagram: https://www.instagram.com/leapfrogservices/

Facebook: https://www.facebook.com/LeapfrogServices

Email: Bryant.Tow@LeapfrogServices.com


Explore More

Table of Contents