Servers & Systems: The Right Compute

8 ways you can think like a security leader to protect your business

You don't need a large budget or an in-house security expert to reduce security risk in your SMB. But here's what you do need.

Reducing security risks for your organization is one of the biggest and most important tech challenges you face. Every security leader knows that cybercrime is a serious threat; business leaders must also begin to internalize the gravity of an IT incident. The fallout from breached or compromised data can be devastating.

The global cost of cybercrime has reached some $600 billion, according to a Center for Strategic and International Studies report. A 2017 Ponemon Institute study found that 61 percent of small and midsize businesses (SMBs) had suffered a cyberattack in the previous year, demonstrating that cybercrime affects all businesses, regardless of size.

The study also found that damage or theft of IT assets cost these companies an average of $1,027,053, and the resulting disruption of operations cost them a startling $1,207,965. Cause for concern? Only 21 percent of respondents rated their ability to ward off cyberattacks and attenuate cybersecurity risks as "highly effective."

So, what's a small or midsize business to do? The good news is that you don't need a large budget or an in-house security expert to safeguard your data and operations. You do, however, need awareness and a feasible plan to think like a security pro and mitigate security risk.

8 ways to think like a security leader

1. Create a strong culture of security

A first step should be to implement a company-wide security policy. This policy should outline the security rules your employees must follow as well as your company's technology use policies. Communicating the policy and gaining employee buy-in is critical to developing a culture of security where everyone knows their responsibilities and does their part. Inform and educate your team. Security affects everyone, and everyone needs to understand the risks and be on board.

2. Verify, secure, and update software

An increased risk of malware is associated with pirated software. It's a huge business risk and should be avoided. Make sure everyone on your team is using legally downloaded software and updating it regularly.

3. Install antivirus software and build a firewall

Antivirus and anti-malware software should be installed on devices company-wide and updated regularly. A firewall is also essential for minimizing security risk; mobile and remote workers should be protected by one even when out of the office.

4. Promote password protection

Ensure that all passwords are secure, sophisticated, and private. Passwords should be mandatory on all devices and updated every three months. Apps like LastPass or 1Password can facilitate password management. Also, consider using multifactor authentication for additional security.

5. Enforce a strong mobile data policy

With the rise of BYOD and mobile workforces, good security policies need to address mobile data. Define what data is allowed on employee-owned devices, and authenticate all devices before giving them access to your network. Update software and firmware regularly, and require backups to avoid losing data. Finally, establish a remote wipe policy for missing or stolen devices.

6. Secure your servers

Servers and storage are the most important pieces of the security puzzle. Not only are your core data assets at risk, but outside attacks can wreak havoc on servers and storage units, resulting in downtime, network bottlenecking, or crashed web applications and hard disks. Make sure your servers and storage are safeguarded with comprehensive data protection and security. Encrypt all data, and schedule regular automatic backups to reduce data loss in a potential crisis.

7. Monitor network access

Networks face numerous security threats. Controlled and monitored access is crucial to protecting against stolen passwords, software flaws, malware, and rogue devices. On-site Wi-Fi should always be encrypted and hidden from intruders.

To maintain external security, every employee needs public Wi-Fi education, since unsecured connections expose your team to transmission interceptions, snooping, and malware. Additional layers of encryption should be used on public networks, and a VPN should be used when connecting to company data. Sharing features should be turned off, and SSL connections should always be used. When not connected, all employees should turn their devices' Wi-Fi network connections off.

8. Manage, monitor, and consult

Even if you don't have a dedicated security specialist on staff, you should appoint someone to oversee general security operations. They can help you stay up to date and enforce proper communications and procedures. Hold meetings and conduct regular reviews of your policy, making updates if necessary. Seek outside consultation to advise on and implement standards as well as to help you devise a disaster recovery plan.

Prevention, not recovery

As most security experts will tell you, it's important to expect the unexpected and prepare accordingly. Plan for the least likely event because it's the one most likely to hit you and hurt your organization. The focus of security thinking is not recovery; it's prevention.

Robert Checketts
Hewlett Packard Enterprise

About the Author

Robert has over 25 years of IT marketing and product management leadership experience spanning country, regional, and worldwide organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing, and product marketing on a global basis and is driven to deliver SMBs end-to-end, affordable infrastructure that’s secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.