(Not so) Happy CyberSecurity Awareness Month for SMBs
Frank Bradshaw
We are the cybersecurity division of the small and mid-sized business/enterprise
The annual CyberSecurity Awareness Month is upon us and as usual, SMBs are holding their breath.
CyberSecurity Awareness Month is a time where organizations, specifically their information security teams, can evaluate their security posture, listen to industry voices and possibly adopt new strategies. The problem: SMBs are usually left out of these conversations and rarely reevaluate their security posture or needs.
So what can SMBs do to make themselves more productive during CyberSecurity Awareness Month:
Three Things SMBs can do for CyberSecurity Awareness Month:
- Be Honest With Yourself
You can’t talk about cybersecurity if you aren’t actively practicing it. You have to be honest with yourself and your organization. If you even hesitate when talking or thinking about your information security practices at your organization, you aren’t doing enough. Have an honest conversation with your information security team about what they are doing, what they want to do and what they should be doing. If you don’t have an information security team, have an honest conversation with leadership as to why you don’t. - Talk with other SMBs
Don’t be afraid to share intelligence. We tell our children constantly that two heads are better than one. Share your experiences with other SMBs. You would be surprised how many other SMBs are experiencing the same issues you are. If you think you have a malware problem, there are hundreds of other SMBs in your area dealing with the same thing. You don’t have to give away trade secrets but sharing security experiences will benefit all. - Get a risk assessment
If you did #1, then you are ready for #3.
Get a risk assessment of your entire technology infrastructure.
The reason I said you needed to do #1 is this. If you aren’t honest with yourself, you won’t get a risk assessment. Commissioning a risk assessment means you are willing to say, ‘I am going to assume I have a problem and use this risk assessment to tell me what that problem is’.
You can’t fix what you don’t know is there!
Being an SMB is hard. You are the “expert” at what you do. But are you an expert at securing your network? Not likely. That doesn’t mean you shouldn’t. CyberSecurity Awareness Month is all about calling attention to our security positives and negatives. Pretending that there is no negatives is…well a negative.
Happy CyberSecurity Awareness Month