The 3 P’s to Security for Small to Midsized Companies

Oct 04, 2018 - 1:00pm

Policy Manager, National Security and Emergency Preparedness

Consultant, Pen Test Partners

While multinational organizations and governments garner front-page news when they are the victims of a cyberattack, America’s small and midsize businesses are actually more at risk from cybercrime.

The MetLife & U.S. Chamber of Commerce Small Business 2017 Q3 Index found that almost 60% of small businesses were concerned about cyber threats, and a follow-up survey later that year found that nearly half of the businesses sampled did not have a plan to deal with cybercrime.

But let’s face it, cybersecurity for a resource-limited organization is hard, and even more difficult if you don’t have a certified information security professional on staff.

Many small and midsize businesses need to know whether the level of protection they have is enough or, more simply, they need to know what they are missing when it comes to securing their business.

With that in mind, here are some tips that businesses of all sizes can follow to check their information security programs.

Passwords must be complex and never reused on different platforms and systems.

  • Use two-factor authentication to remotely access your domain
  • Give users access to a password manager to discourage password reuse
  • Users should not be given administrator permission on their workstations and laptops

People should be as knowledgeable and vigilant as possible.

  • Teach your employees the potential attacks against them, especially phishing emails
  • Run through scenarios in a classroom to show how these would happen and what they should do
  • Evaluate their learning by running simulated attacks. Use external companies where needed, for:
    • Penetration testing
    • Simulated phishing
    • Social engineering
  • Repeat the above as and when you can afford to

Patching, or updating computer programs and applications to fix known vulnerabilities, is critical.

  • Maintain a list of all the systems you have
    • Double check this is accurate by running a discovery scan
    • Minimise the different version types you have
  • Produce a detailed patching policy and follow it
  • Don’t forget apps too – patching isn’t just about the operating system
  • Engage an external company to help if needed, as this is an essential activity
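The patching steps above (keep an inventory, verify it with a discovery scan, minimise version sprawl, follow a patching policy) fit together naturally as one reconciliation script. The example below is added here and is not code from the article or from either author's firm; every hostname, product name, version and policy baseline in it is constructed for illustration, and the "discovery scan" is a hypothetical CSV export of `host,product,version` rather than the output format of any particular scanner.

```python
"""Reconcile an asset inventory against a discovery scan and report
version sprawl and patching backlog.

All data below is constructed for illustration (hostnames, products,
versions, policy baselines); none of it refers to real systems.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


# Constructed inventory: the systems the business believes it owns.
INVENTORY = [
    Asset("fileserver01", "os-server", "2.4"),
    Asset("laptop-sales-07", "os-desktop", "10.1"),
    Asset("laptop-sales-07", "browser", "68.0"),
    Asset("laptop-ops-02", "os-desktop", "10.0"),
    Asset("laptop-ops-02", "browser", "69.1"),
    Asset("laptop-hr-03", "os-desktop", "9.8"),  # in the list, but never seen on the network
]

# Constructed discovery-scan export (hypothetical "host,product,version" CSV).
# Note the printer that nobody put on the inventory.
SCAN_OUTPUT = """\
# host,product,version
fileserver01,os-server,2.4
laptop-sales-07,os-desktop,10.1
laptop-sales-07,browser,68.0
printer-lobby,printer-fw,1.0
laptop-ops-02,os-desktop,10.0
"""

# Constructed patching policy: the version every host of a product must be at.
POLICY_BASELINE = {"os-server": "2.4", "os-desktop": "10.1", "browser": "69.1"}


def version_key(version):
    """Turn a dotted numeric version such as '10.1' into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def parse_scan(text):
    """Parse the constructed CSV export into a set of Asset records."""
    assets = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (field.strip() for field in line.split(","))
        assets.add(Asset(host, product, version))
    return assets


def reconcile(inventory, discovered):
    """Compare hosts in the inventory with hosts the scan actually saw.

    Returns (unknown_hosts, missing_hosts): hosts on the network that are not
    in the inventory, and inventoried hosts the scan did not find.
    """
    inventoried = {asset.host for asset in inventory}
    seen = {asset.host for asset in discovered}
    return sorted(seen - inventoried), sorted(inventoried - seen)


def version_sprawl(assets):
    """Products that are running more than one version, oldest first."""
    versions = defaultdict(set)
    for asset in assets:
        versions[asset.product].add(asset.version)
    return {product: sorted(found, key=version_key)
            for product, found in versions.items() if len(found) > 1}


def patch_backlog(assets, baseline):
    """Hosts running a version below the policy baseline for that product."""
    return sorted(
        (asset.host, asset.product, asset.version)
        for asset in assets
        if asset.product in baseline
        and version_key(asset.version) < version_key(baseline[asset.product])
    )


if __name__ == "__main__":
    discovered = parse_scan(SCAN_OUTPUT)
    unknown, missing = reconcile(INVENTORY, discovered)
    print("Not in inventory (add or remove from network):", unknown)
    print("In inventory but not seen (offline or decommissioned?):", missing)
    print("Version sprawl:", version_sprawl(INVENTORY))
    for host, product, version in patch_backlog(INVENTORY, POLICY_BASELINE):
        print(f"PATCH {host}: {product} {version} -> {POLICY_BASELINE[product]}")
```

Run on the constructed data it flags the lobby printer as an unknown device, flags the HR laptop as inventoried but unseen, shows two products running more than one version, and lists the three host/product pairs that are behind the policy baseline. Run the same reconciliation after every patch cycle, and the backlog list is the evidence that the patching policy is actually being followed.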

As the cyber threat landscape continues to evolve, there are no signs that cybercrime will decrease anytime soon. America’s small and midsize businesses must continue to invest in risk management processes, people, and technology.

For more information, read the RSM U.S. Middle Market Business Index Special Report on Cybersecurity.

About the Authors

Vince Voci, Policy Manager, National Security and Emergency Preparedness
Vincent Voci is a policy manager for National Security and Emergency Preparedness at the U.S. Chamber of Commerce.

Mark Harrison, Consultant, Pen Test Partners
Mark Harrison is a consultant with Pen Test Partners, a partnership of high-end penetration testers.