Well its about time. Finally, SMB’s are starting to get some protection from the Federal government. Let’s be honest the Feds have been slow to move to help SMBs with their cyber security concerns. As one of the most targeted segments of the business community, many SMB’s are sitting ducks given the sophistication and cunning of todays attackers. The most quoted statistic in cyber security still holds true. “60% of all SMB’s that suffer a breach are out of business in 6 months.”
On August 14th the President and Congress unanimously signed into law the new National Institute of Standards and Technology, (NIST) Small Business Cybersecurity Act.
“It requires NIST to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
The resources to be provided are informational. They must be generally applicable to a wide range of small businesses;
- They must vary with the nature and size of small businesses.
- Promote cybersecurity awareness and workplace cybersecurity culture.
- Include practical application strategies.
- Resources must further be technology-neutral and compatible with COTS solutions.
- Consistent with international standards and the Stevenson-Wydler Technology Innovation Act of 1980.
Use of these resources by small businesses is voluntary.”
Information and knowledge about cyber security is critical for all small business. This law will help SMB’s better understand and educate themselves on practices and measures that can be taken to build an active culture of security.
Building knowledge and practices around cybersecurity is critical for SMBs, but it is also critical to understand the tools and resources that are available for SMB’s to protect themselves.
The Tek recommends a simple straightforward four step process to build your cybersecurity plan.
Step 1:
Every SMB should consider an in-depth risk assessment evaluation. A risk assessment will allow you to clearly see the risks that exist within your company. The Tek has developed a risk assessment program specifically designed for SMBs. The results of the assessment will give you a blueprint of both your physical and digital risks.
Joey Costa, Founder and CEO of the Tek says, “I figured if we built our security practice strong enough to meet the needs of an industry as heavily regulated as the financial services sector, we would be in a great position to help all kinds of SMBs.”
Step 2:
Once the risk assessment is completed a plan should be developed to shore up your risks and strengthen both your physical and digital security.
The Tek has both the internal expertise and partnerships with key security vendors to make sure you have the best technology and software available to build a proactive defense against intrusions of all types.
Step 3:
Consider a 24/7/365 monitoring system. Much like a security monitoring system for your physical assets, you should consider a monitoring system to keep you safe from on-line criminals.
The Tek has an affordable monitoring system that proactively watches for unwanted digital intruders, hackers, and cyber criminals. Proactive monitoring is paramount to your on-line security.
Step 4:
Proactively prepare for a breach. Do your research in advance. Have a cyber security partner on retainer or at a minimum know who you want to use and how to contact them should and incident occur.
Joe Gross, CSO/CISO at The Tek says, “even if you don’t intend to put a security partner on retainer, at a minimum, decide who you want to use and call them ahead of time. Let them know if you have a problem you are going to call. Ask what the process is and how to engage in an emergency. I hear panic in voices every day asking what now? I tell everyone, have a plan…be prepared!”
These four simple steps along with understanding the information provided by NIST, is a great way to start to build your cyber security plan. Remember, if you are going to be connected you must be protected.
Rick Miller is COO and Partner of The Tek, an MSSP specializing in risk assessment, risk mitigation, protection, and education to SMBs. Rick is a long-term veteran in the IT industry. His success has been founded in propelling start-ups and turnarounds to success and profitability. His experience has helped to grow multiple companies from start-up to profitability.
