This is part three of a three part series on “Cybersecurity Challenges Facing Small to Mid-Size Businesses” (SMB’s). In the previous post, we mentioned guidance and instruction being available online to help create awareness and implement a training strategy that will help lessen the likelihood of criminal hacking and potential data breach. Fortunately there are some very basic steps that will go a long way in achieving a satisfactory level of cybersecurity.
Often, just the idea of protecting the data of a small business can seem overwhelming, let alone implementing an awareness and training program. Many SMB’s first focus on basic technology safeguards, such as firewalls and antivirus applications. While these measures are helpful, they do not address the main cause of data breaches of SMB’s. The most common causes are employee related.
Designate a point person to be responsible for the “Awareness & Training” program. Do not leave it up to each individual employee to take it upon him or her selves to take proactive and protective measures. This point person can insure that all employees are receiving the same instructions and resources and that it becomes a critical part of each employee’s acumen. This point person should have strong communication skills, be well organized and have an affinity for basic computer and cloud technology. These are welcomed attributes in any employee, but a must for this position. This person should be a trusted employee and be able to handle this as part of their overall responsibilities.
Have your designated cyber-person search online for available resources that focus on employee training relating to the most common threats to SMB’s. These include: password management, phishing and other email based scams, file and data sharing, remote access and the security of laptops, smart phones, etc.
- Conduct employee background checks.
- New employee orientation includes cybersecurity training.
- Specific training based on responsibilities.
- Training conducted on an ongoing basis.
- A policy for password creation and periodic updating.
- A policy of least privileged when providing access to sensitive data.
Two great no cost resources are: