Digital security and financial efficiency don't always get along, and it's almost always up to IT to patch the relationship. 
Whether your company's financial decision-makers have already declined your proposals or you're pretty sure they're going to, the security needs that forced your request are still there. Worse, there's a chance you'll shoulder the blame if your company is hit by a breach, no matter how hard you tried to secure funds beforehand. Telling your boss "I told you so" is usually a terrible idea, so implementing affordable security measures is one of the best skills an IT professional can have when it comes to personal and career development.
Mitigate the biggest risks
Remember the first rule of security: you're always at risk for a breach. Identifying and covering your biggest vulnerabilities should be your top priority. If you can't replace a weak fence, you should at least patch its biggest holes.
Companies that are extremely reliant on the internetโthose that use multiple critical cloud-based technology tools, for instance, or that host a large web presenceโare especially vulnerable. Fifty-eight percent of cyberattacks target small businesses, Security Magazine reports, and that might prompt you to spend what little money you have on improved firewalls and network appliances. Companies that handle a lot of personally identifiable information about their customers, on the other hand, may invest in extra access or security training for reps in an effort to reduce the effectiveness of social engineering attempts. Others may use their existing budget to bring in a consultant for a one-off brush-up. In this case, doing anything is better than nothing.
Harden and enforce
You know the value of data security education, but setting strict policies is just as important for working within your cybersecurity security budget. If you have the support from your higher-ups, institute a policy that work devices and networks are for workโand only for work. Such a policy might seem draconian, but it can prevent major headaches, especially when used in conjunction with affordable monitoring and blocking tools.
Ransomware, CNet says, shuts down one of every five SMBs it hits, so preventing it is paramount. Take, for example, Locky, a nasty bit of ransomware that, Fossbytes writes, used Facebook Messenger to infect businesses. In cases like this, instituting a policy instructing people to stay off Facebook at work or on work devices will have some effect, but backing it up by blocking the site and the Messenger app to match the policy will keep all but the most determined away.
As basically everyone is on Facebook anyway, this move also invokes the idea of mitigating the biggest risk. Should you hear grumbling from the staff, an office-wide email on just how dangerous (and costly) ransomware can be should silence it. Explaining the risk in personal termsโ"Do you really want our payroll data to be irreparably encrypted? Do you want to risk carrying an infected file home on your thumb drive?"โcan also be effective.
Backup, restoreโflex pay?
Instilling a backup plan within the parameters of your cybersecurity security budget can be a bear if you don't have the facilities in place. Here, a hybrid cloud setup using pay-as-you-use tools could be effective, as can hardware vendors with flex-payment options. Consider, too, that presenting solutions with more flexible payment schemes after asking for a security budget you know you won't get is a staple of effective workplace psychology.
Assume physical loss
There are few easier ways for attackers to get at sensitive data than to literally pick it up off the ground. Planning for loss and theft should be a major part of your plans for cybersecurity, regardless your of industry or budget.
While you can't just shrug your budget away, you can make use of affordable tracking and remote-wiping tools for business and business-touching hardware, like employees' personally owned devices. Many products come with this capability out of the box, assuming you take time to set it up. If you haven't, make today the day. Master data management tools make this possible even on employee-owned devices. When combined with policies that require strong passwords or PINs and automatically exclude malicious apps, these tools can reduceโor even removeโsome of your biggest security concerns.
Good security is costly, but SMBs can't let a cybersecurity budget consume their tech spending. Even if you can't secure more funds for bigger, safer solutions, you still can protect your company and your professional reputation. Remember that even the best-funded security efforts can't defend against every vector. But if you're crafty, committed, and frugal, you can still put up a good defense.
Ready to take the next step? Check out the SMB Hybrid IT for Dummies Guide. Because there are no dumb questions!
Are you ready to purchase? Visit the HPE Store.
Robert Checketts
Hewlett Packard Enterprise
twitter.com/HPE_Servers
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers
RobertChecketts
Robert has over 25+ years of IT Marketing and Product Management leadership experience spanning country, Regional and WW organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing and product marketing on a global basis and is driven to deliver SMBโs end-to-end affordable infrastructure thatโs secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.
