Three Steps to Help Increase Cybersecurity

Cyber crime is a $445 billion industry, growing daily. Because of the size of most of the publicized attacks, such as the 2014 attacks at Sony, Target, and Anthem, many assume that small businesses are safe from cyber crime.

Reports show that over 50% of attacks are on businesses with fewer than 1,000 employees and 31% are on businesses with fewer than 250 employees. Small and mid-sized businesses are at as much risk as larger corporations, and the costs of cyber crime are often higher for small businesses.

The KSMC team has identified three key steps an organization of any size can take to help protect against cyber crime.

  1. Provide onboarding and ongoing security training to ALL employees.
  2. Execute a security assessment annually.
  3. Develop an IT security program.

1. Provide onboarding and ongoing security training to ALL employees.
Organizations are more secure when every employee is involved in cyber security. Fostering ownership across the organization requires an understanding of cyber crime, how to protect the organization, and how to recognize cyber crime when it happens. Onboarding training that shares best practices and policy for keeping the organization safe with every employee helps to instill this ownership. Ongoing training promotes cyber security as cyber crime techniques and organizational environments change.

2. Execute a security assessment annually.
As cyber crime evolves and an organization’s staff and systems change, vulnerabilities evolve as well. It’s recommended that an organization have a security assessment completed annually and, importantly, completed by an outside vendor. An outside partner will review systems independent of organizational knowledge and perform tests that likely aren’t available internally.

3. Develop an IT security program.
An IT security program helps to protect an organization in the short term and the long term. The difference between a security program and a plan is the breadth of the deliverable. An IT security program includes planning and documentation of the organization’s approaches to patch management, administrative rights, perimeter security, and systems monitoring. Additionally, it includes a business continuity plan and an incident response plan. The entirety of the program provides direction and policies to keep the organization secure against cyber crime.

With the size and consistent growth of the cyber crime industry, organizations that are diligent about training employees, assessing IT security, and developing a holistic security program are significantly less susceptible to cyber crime.