October 7, 2021
Do Your Part. #BeCyberSmart
October is designated as Cybersecurity Awareness Month to continue to raise awareness about the importance of cybersecurity across our Nation. It is a collaborative effort between government and industry to ensure everyone in the Nation has the resources to be safer and more secure online.
Now in its 18th year, the need for the campaign has never been greater. Attackers are becoming more sophisticated and are going after businesses of all sizes. Although large corporations make the headlines due to the customer impact, small and mid-size businesses are just as likely to be targeted. As business leaders and individuals, we all need to do our part to be cyber smart. According to the CNBC small business playbook:
- “Cyberattacks now cost businesses of all sizes $200,000 on average.”
- “Forty-three percent of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves, according to Accenture.”
- “In 2019, more than half of all small businesses suffered a breach within the last year.”
Actions you can take to increase cybersecurity awareness in your organization and mitigate the impact of a cyberattack:
- Approach cybersecurity as a business risk. What information, if compromised or breached, would cause damage to employees, customers, or business partners? What type of impact would be catastrophic to your operations? What is your level of risk appetite and risk tolerance? Raising awareness helps reinforce the culture of making informed decisions and understanding the organization’s risk level.
- Determine how much of your organization’s operations are dependent on IT. Consider how much your organization relies on information technology to conduct business and make it a part of your culture to plan for contingencies in the event of a cyber incident. Identify and prioritize your organization’s critical assets and the associated impacts to operations if an incident were to occur. Ask the questions that are necessary to understand your security planning, operations, and security-related goals. Develop an understanding of how long it would take to restore normal operations. Resist the “it can’t happen here” pattern of thinking. Instead, focus cyber risk discussions on “what-if” scenarios and develop an incident response plan to prepare for various cyber events.
- Lead investment in cybersecurity. Invest in cybersecurity capabilities for your organization and staff. This includes investments in technological capabilities and continuous investment in cybersecurity training and awareness capabilities for your organization’s personnel. Have conversations with your employees, business partners, vendors, managed service providers, and others within your supply chain. Use risk assessments to identify and prioritize the allocation of resources and cyber investment.
- Build a network of trusted relationships for access to timely cyber threat information. Maintain situational awareness of cybersecurity threats and explore available communities of interest. These may include sector-specific associations, vendors, government agencies, and local law enforcement.
- Lead development of cybersecurity policies. Business leaders and technical staff should collaborate on cybersecurity policy development and ensure policies are well understood by the organization. Review all current cybersecurity and risk policies to identify gaps or weaknesses by comparing them against recognized cyber risk management frameworks. Develop a policy roadmap, prioritizing policy creation and updates based on the risk to the organization as determined by business leaders and technical staff.
If you need help starting your cybersecurity journey or increasing your cybersecurity posture, Dewpoint security professionals are here for you. Reach out to us today to learn more about mitigating your cybersecurity risk.