Servers & Systems: The Right Compute

How to make a small cybersecurity budget work for your business

Digital security and financial efficiency don't always get along, and it's almost always up to IT to patch the relationship. The pressing need to stay safe has forced C-suite IT execs in every industry into an increasingly vocal role as they present, pander, and plead for more money to spend on security. This work-social dynamic has trickled down to the small and midsize business world, where cybersecurity budgets are even smaller.

Whether your company's financial decision-makers have already declined your proposals or you're pretty sure they're going to, the security needs that forced your request are still there. Worse, there's a chance you'll shoulder the blame if your company is hit by a breach, no matter how hard you tried to secure funds beforehand. Telling your boss "I told you so" is usually a terrible idea, so implementing affordable security measures is one of the best skills an IT professional can have when it comes to personal and career development.

Mitigate the biggest risks

Remember the first rule of security: you're always at risk for a breach. Identifying and covering your biggest vulnerabilities should be your top priority. If you can't replace a weak fence, you should at least patch its biggest holes.

Companies that are extremely reliant on the internet—those that use multiple critical cloud-based technology tools, for instance, or that host a large web presence—are especially vulnerable. Fifty-eight percent of cyberattacks target small businesses, Security Magazine reports, and that might prompt you to spend what little money you have on improved firewalls and network appliances. Companies that handle a lot of personally identifiable information about their customers, on the other hand, may invest in extra access or security training for reps in an effort to reduce the effectiveness of social engineering attempts. Others may use their existing budget to bring in a consultant for a one-off brush-up. In this case, doing anything is better than nothing.

Harden and enforce

You know the value of data security education, but setting strict policies is just as important for working within your cybersecurity budget. If you have the support of your higher-ups, institute a policy that work devices and networks are for work, and only for work. Such a policy might seem draconian, but it can prevent major headaches, especially when used in conjunction with affordable monitoring and blocking tools.

Ransomware, CNET says, shuts down one of every five SMBs it hits, so preventing it is paramount. Take, for example, Locky, a nasty bit of ransomware that, Fossbytes writes, used Facebook Messenger to infect businesses. In cases like this, instituting a policy instructing people to stay off Facebook at work or on work devices will have some effect, but backing it up by blocking the site and the Messenger app to match the policy will keep all but the most determined away.

As basically everyone is on Facebook anyway, this move also invokes the idea of mitigating the biggest risk. Should you hear grumbling from the staff, an office-wide email on just how dangerous (and costly) ransomware can be should silence it. Explaining the risk in personal terms—"Do you really want our payroll data to be irreparably encrypted? Do you want to risk carrying an infected file home on your thumb drive?"—can also be effective.

Backup, restore—flex pay?

Establishing a backup plan within the parameters of your cybersecurity budget can be a bear if you don't have the facilities in place. Here, a hybrid cloud setup using pay-as-you-use tools could be effective, as can hardware vendors with flex-payment options. Consider, too, that presenting solutions with more flexible payment schemes after asking for a security budget you know you won't get is a staple of effective workplace psychology.

Assume physical loss

There are few easier ways for attackers to get at sensitive data than to literally pick it up off the ground. Planning for loss and theft should be a major part of your plans for cybersecurity, regardless of your industry or budget.

While you can't just shrug your budget away, you can make use of affordable tracking and remote-wiping tools for business and business-touching hardware, like employees' personally owned devices. Many products come with this capability out of the box, assuming you take time to set it up. If you haven't, make today the day. Master data management tools make this possible even on employee-owned devices. When combined with policies that require strong passwords or PINs and automatically exclude malicious apps, these tools can reduce—or even remove—some of your biggest security concerns.

Good security is costly, but SMBs can't let a cybersecurity budget consume their tech spending. Even if you can't secure more funds for bigger, safer solutions, you still can protect your company and your professional reputation. Remember that even the best-funded security efforts can't defend against every vector. But if you're crafty, committed, and frugal, you can still put up a good defense.


Robert Checketts
Hewlett Packard Enterprise

About the Author


Robert has 25+ years of IT marketing and product management leadership experience spanning country, regional and worldwide organizations. Robert is a marketing executive with extensive experience in field marketing, channel marketing and product marketing on a global basis and is driven to deliver SMBs end-to-end affordable infrastructure that's secure from the start, optimized for every workload, packaged for many consumption models, ready to scale, and easy to manage.