Small businesses are just as vulnerable to cyberattacks as larger enterprises. Here's how to develop a risk management strategy that will keep your business secure.
In the white paper State of Cybersecurity 2018, the nonprofit ISACA reported that 50 percent of cybersecurity and information security professionals surveyed saw a year-over-year increase in cyberattacks in their organizations. Four out of five said they expect a further increase in attacks moving forward.
While attacks against large companies tend to garner big headlines, small and midsize businesses are just as likely to be targeted by cybercriminals. Ponemon Institute and Keeper Security's 2018 State of Cybersecurity in Small & Medium Size Businesses study found that 67 percent of 1,045 employees surveyed experienced a cyberattack in the past year. The same study found that 58 percent of businesses experienced a data breach in the same period.
In this environment, it's more important than ever for bmall businesses to take a close look at cybersecurity strategies and implement the tools, policies, and procedures necessary to stay safe.
The struggles of cyber defense
Despite the well-known dangers posed by cyberattacks, you do not tend to have adequate network security solutions in place.
The Ponemon Institute's study showed that only 28 percent of small business professionals rated their ability to mitigate attacks, threats, and vulnerabilities as "highly effective." A full 47 percent said they have no understanding of how to protect their companies against cyberattacks.
Small businesses have historically struggled to implement robust network security solutions and strong cyber defenses for several key reasons. First, they generally don't have a dedicated security executive, as they're too small to sustain the cost of a chief information security officer or similar position. They might also lack the funding for a robust IT department and have to outsource a significant portion of their IT operations.
Furthermore, small businesses often have a mix of both on-premises systems and cloud-based solutions, a hybrid infrastructure that can create additional complexity if not deployed with the help of a trusted partner. And those who have moved most or all of their systems into the cloud may skimp on security strategies, as they falsely think that they no longer have to contend with security.
For these reasons, you often struggle to implement secure IT infrastructures that meet cybersecurity best practices. Yet with the rising risks and costs associated with cyberattacks, companies can no longer afford to overlook cybersecurity measures.
Strategic defense starts with risk analysis
Just like large enterprises, you need to take a strategic, multilayered approach to cybersecurity.
The first step to creating an effective cybersecurity strategy is to figure out how to meet the specific security needs of your organization. Consider the unique infrastructure that makes up your environment—the type of data it holds, the regulatory requirements it must meet, and the risks it faces.
Once you understand your infrastructure, you can establish your company's most likely risk factors, ranking potential threats in each area of your environment. You should know where within your technology stack a cyber incident could put you out of business, where it would do long-lasting but nonlethal damage, and where it might merely be an inconvenience. As an example, an online retailer might rank a denial-of-service attack that shuts down its ability to take orders as a high-level risk, while a downed back-end communications system used by a small group of employees would be a low-level concern.
The results of this analysis can help you establish your security priorities and determine which systems and data stores need the highest levels of protection. From there, you can draft a cybersecurity plan that allocates your company's resources toward solving its most critical needs.
The key elements of a cybersecurity strategy
Although a company's cybersecurity strategy should be unique to its needs and risk profile, every plan should address a few key elements:
- Protection measures: Your plan should detail the basic measures that your company should take to protect itself. These measures may include everything from conventional technologies, such as firewalls and antivirus software, to more advanced options like sophisticated user authentication and encryption technologies. Employee training can also be included in this category; human error remains one of the biggest risk factors for cyberattacks.
- Compliance requirements: Your plan should also detail the regulatory and compliance requirements the company must follow, as well as the security policies, procedures, and technologies needed to adhere to those regulations.
- Monitoring and detection: Monitoring your technology stack is key to detecting anomalies that could indicate a breach. Use your risk analysis to determine which areas of your infrastructure most need monitoring. Then leverage monitoring solutions, such as security information and event management (SIEM) software, that aggregate and analyze data and report on issues that need attention. In addition to monitoring the IT infrastructure, it's also important to implement good governance policies to ensure you're performing patches and running the most up-to-date software.
- Response and recovery: Recognizing that nothing is 100 percent secure, you'll also want to craft a response and recovery plan that spells out who needs to do what in the event of a breach—with a focus on recovering the most critical elements of your business first.
Support cybersecurity with secure technologies
These strategies form the foundation of cybersecurity best practices but will do little good if they're not supported by secure technologies.
As an small business with limited resources for security personnel, you need your hardware and software to do some of the work for you. HPE offers hardware solutions for small businesses that incorporate security and compliance capabilities tailored to small office deployments and hybrid cloud environments. Moreover, HPE offers security assessments and recovery services to better protect SMBs against the growing volume of cyber threats.
By leveraging such offerings alongside a strategic, multilayered security strategy, you can avoid becoming yet another cybercrime statistic.
Learn more about HPE Small Business Solutions.
Discover affordable IT solutions for your small business
Ready to take the next step? Check out the SMB Hybrid IT for Dummies Guide. Because there are no “dumb” questions!
Or are you ready to purchase? Visit the HPE Store.
Meet Server Experts blogger Mary K. Pratt, technology journalist. Mary is an award-winning freelance journalist who writes extensively about enterprise technology. Her work has appeared in numerous publications, including newspapers, magazines, and trade journals. In addition to her work, she enjoys spending time with her family and engaging in outdoor pursuits, including running, skiing, and snowboarding.
Server Experts
Hewlett Packard Enterprise
twitter.com/HPE_SMB
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers
ComputeExperts
Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.
