Mark Harrison Interview
Mark Harrison interviewed by C-Suite Network's Gregg Greenberg.

No individual or organization is safe from the reach of cyber criminals. Corporate data breaches are more common than ever, and despite advances in security software, hackers continue to get more sophisticated and difficult to detect.

As a small business owner, cybersecurity should be a top priority. Small Business Trends reports that 43% of cyber attacks target small companies, and yet just 14% of these businesses believe they can successfully mitigate cyber risks with their current resources.

If you don't want to join the 60% of small businesses that shut down within six months of a cyber attack, you'll need to actively protect yourself from hackers, data breaches, and other security threats. CO— recently spoke with Mark Harrison, a consultant for penetration testing and security services firm Pen Test Partners, to get his best cybersecurity advice for business owners.

1. Make cybersecurity a part of your business operations.

According to Harrison, business cybersecurity comes down to "people, patches and passwords." First and foremost, he recommends educating your staff members about cybersecurity, including how to spot specific types of attacks.

"Phishing is a big problem at the moment, so make sure they understand what that is and how they can protect themselves from it," he added.

You should also ensure that your company is regularly installing any software and hardware updates released by vendors. A report by the Ponemon Institute and ServiceNow found that most data breaches are the result of unpatched vulnerabilities, so it's crucial to make patching a mandatory part of your employees' work flow.

Finally, Harrison emphasized the importance of strong password policies throughout your organization. Employees should use different, complex passwords for each of the different applications they use. Harrison noted that a single sign-on password management solution can make this easier on your staff.

2. Use disk encryption.

Even if your staff follows all the right security protocols, there's still the risk of an employee losing their company-issued device, or a thief breaking in and physically stealing equipment. Disk encryption is the best way to prevent a cyber criminal from accessing any of your data on those devices, said Harrison.

"Disk encryption would mean that if somebody comes in and ... [takes a] laptop or a desktop or a server, then they can't access the data."

Cybersecurity comes down to people, patches and passwords.

Mark Harrison, Pen Test Partners

3. Develop a first response plan for security incidents.

What happens if, despite your best intentions, a cyber criminal hacks into your company's network? Without a solid strategy in place, you won't be able to recover as quickly from this incident – if you recover at all. That's why Harrison advises every business to create a first response plan that can immediately be put into action in the event of a breach.

"You need to know exactly what you're going to do," he said.

Part of this plan involves a bit of preparation in the form of proactively and regularly backing up your data.

"Backups are very important," Harrison told CO—. "When [a cyber attack] happens, you shut down what you've got ... [and] take an image of that so that it can be used for forensics in the future, and then you load up a new one [from your backup]."

4. Choose the right cybersecurity vendor for your risk level.

Every dollar counts in a small business's budget, so it's important to spend wisely when it comes to cybersecurity. When evaluating a security vendor, you should look at a few different factors to make your decision, including the company's history and publicly available data.

"A good cybersecurity vendor will release lots of free information [such as] whitepapers [and] ... research they've done," said Harrison. "Companies doing that kind of free work [are] probably in the right space."

Get more of Mark Harrison's small business security tips from this interview with C-Suite Network's Gregg Greenberg.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Mark Harrison interviewed by C-Suite Network's Gregg Greenberg.
Published February 25, 2019