Per a study by our infrastructure management partner Kaseya, more than half (54%) of small to mid-size businesses (SMBs) surveyed around the world reported that cybersecurity is their top concern this year. What’s more, almost 60% of respondents anticipate cybersecurity will be their primary concern in 2019.
Why? Because, according to the Information Management article sharing the research, “more than one in three experienced a security breach within the last five years and more than 10% in the past 12 months alone.”
So, the proverbial iron is hot for striking when the subject is cybersecurity for SMBs. That’s the reason we’re running this blog series based on the CompTIA Cybersecurity Advisory Board executive brief, “Building a Culture of Cybersecurity,” a white paper highlighting cybersecurity threats, issues, and considerations inherent in today’s digital environment. The Advisory Board believes an important shift in mindset must occur among the leadership of organizations of all shapes and sizes: “Security can no longer be thought of as a technical problem with a technical solution; it must be treated as a critical business concern.”
In the brief, the authors articulate six guiding principles that will enable senior leaders at any business to assess and improve their organization’s approach to cybersecurity. To date in our succession of posts, we’ve covered four of the six principles from an SMB’s perspective:
- Integrate Cybersecurity into Your Business Strategy
- Your Organization’s Structure Should Reinforce Cybersecure Culture
- Your Employees Are Your Biggest Risks – And Assets
- Detect, Detect, Detect – And Learn from What You Discover
Now, we bring you…
Part 5 – Collect Only Data You Need, Share Only Data You Must
“Your organization needs to have flexible and adaptable approaches to protect your data,” CompTIA writers counsel in their “Cybersecure” paper. Here are three keys they advocate for effective data protection practices:
- What You Don’t Accumulate Cannot Be Taken from You – Collect only “business-critical” data and draw clear plans for managing this information, including a “realistic estimate of the resources required to collect, store, protect, and analyze the data you keep.” You’ll find in-depth recommendations for handling your “crown jewels” of data in this past post.
- Remember Why It’s Called a Supply “Chain” – As the old saying suggests, your cybersecurity is only as strong as your supply chain’s weakest link. Partners and vendors may become vulnerabilities without proper attention from you. For established relationships, apply another well-worn adage: “Trust but verify.” Be certain your management team knows which data stores these partners and vendors access and how those trusted entities gain access to your data. Before signing new contracts, conduct external audits to ensure that new suppliers meet your cybersecurity standards and will agree to follow required protocols. Revisit these audits at least annually.
- Appoint a Compliance Expert – One member of your executive team should take responsibility for understanding all legal and regulatory requirements surrounding cybersecurity in every jurisdiction where your company operates. This type of focus and clarity is invaluable when navigating the shifting technological landscape and responding to breaches in a timely, thorough fashion.
Consult your IT Managed Services Provider and get an assessment of risks to avoid a potential data breach.