A Greater Town : US : CA : Los Angeles : Computers & Electronics : Informational Technology — Information Technology

SMB IT Security Stance Relies on Denial

Information Technology

Updated on Mar 26, 2013

Edit post | View more like this | Visit Los Angeles, CA | Contact Cyber Data Risk Managers
SMB IT Security Stance Relies on Denial
by Christine Marciano, President, Cyber Data Risk Managers


Most small business owners are not concerned about cybersecurity, and the vast majority have no policies or contingency plans in place. While SMBs may feel confident that their computers and networks are secure, they are kidding themselves.

Case in point: 86 percent of small and midsized businesses (SMBs) say they are satisfied with the amount of security they have to protect customer and employee data and yet 87 percent of that group also say that they have no formal written Internet security policy for employees, according to a new survey released by the National Cyber Security Alliance (NCSA) and Symantec of 1,015 US-based SMBs.

SMBs should be concerned. Today, attackers are taking a shotgun approach and really don't care where they get their data. Everyone is a target. This is important, especially when an SMB's financial stability and future hinges upon how well they manage and protect their private data.

Cyberrisk is invisible, ever changing, and pervasive, making it hard for SMBs to contemplate and truly understand the costs of an inevitable breach. Perhaps this is where the disconnect lies and it may explain why SMBs neglect security planning. It's easier to believe that a written plan isn't necessary because they have all their bases covered. Feeling confident, though, simply isn't enough.

Unfortunately, conducting business in today's digital environment without a prudent and formal crisis plan in place may prove to be a formula for disaster. It is important for an SMB to have a strategy to minimize its costs and reputational damage as it pertains to a data breach when proper protection techniques fail.

What can SMBs do to protect themselves?

Create a written incident response plan. According to the NCSA and Symantec survey results, 59 percent of small business owners/operators say they do not have a contingency plan outlining procedures for responding and reporting a data breach loss. It's a good place to start. When creating a written incident response plan, decide who is going to be on your response team, involve all department heads in planning, and organize your response team before a breach occurs.

Assess your risks. What risks is your business vulnerable to? Where does your data reside? Are you aware of the types of data that flows through your network and mobile devices and how it is being secured? After completing a risk assessment analysis, an SMB should bring its legal, IT, and business operations team together to draft and implement the next steps which should include mitigating the recognized risks, prioritizing efforts and agreeing upon implementation phases.

Assess your security status. According to the NCSA and Symantec survey results, 77 percent of SMBs think having a strong cybersecurity and online safety posture is good for their company's brand, yet a majority have no Internet security policies or procedures. Do you have Internet security policies in place and are you securing all end points? Are you updating software patches? Do you regularly train and educate your employees on data security awareness?

Explore purchasing a cyber risk insurance policy. Cyberrisk insurance can be used as a component to a data breach incident response plan and can help make your response team's roles much easier.

Proactive planning for a data breach must replace a "wait and see" approach as nothing can dissolve (ROI) return on Investment as rapidly as a data security breach. Investing in pre-planning for a data breach can help minimize the damage of an SMB's reputation and could just be what keeps the business afloat after a breach happens.

*Article originally appeared in http://www.point2security.com (10/18/12)

CONTACT:

Christine Marciano
CYBER DATA RISK MANAGERS LLC
US toll free: 1 +855.CUT.RISK
Fax: 1 +732.709.1684
Twitter: @DataPrivacyRisk

goodideazs, LLC is not affiliated with the authors of this post nor is it responsible for its content, the accuracy and authenticity of which should be independently verified.

About | Advertise | Terms | Privacy | Contact A Greater Town

Top Business Listings | Banner Art Gallery | Blog | Seo Site Crawler

Copyright © 2007-2019 goodideazs, LLC. All rights reserved.