

The Small Business Case for a Culture of Cybersecurity

Andrew Rinaldi

Cybersecurity isn’t just a small IT function — it’s a key part of the business foundation.

Until now, cybersecurity has mostly been an afterthought for small business. It’s been something that tends to fall within the domain of the IT team—they might set up a firewall, download some antivirus software, and call it a day.

Today, smart business leaders are learning quickly that cybersecurity isn’t just a small function of IT — it’s a key part of the foundation that holds up the entire business. In recent years, we’ve seen significant breaches from large companies like Equifax. But now more than ever, we’re hearing about it at the local level: For example, a school system in Maine being hit with ransomware, or manufacturers being targeted nationwide. In order to protect your proprietary data, your customers, and your reputation, it’s critical to build a strong cybersecurity posture for your company.

So what can you do to make cybersecurity a priority throughout the company?

It’s not simply about deploying the right technology — it’s about creating processes and educating your team to ensure that cybersecurity is thought about in everything you do. As a business owner or manager, you have the freedom to lead the way and set the tone. It all begins with a proactive approach to cybersecurity that runs top down and throughout the organization.

1. Lead by example, make it your culture

Cybersecurity isn’t a project; it’s a posture. Just like your health, it’s something that needs to be continuously monitored and improved. The best way to imbue that mindset is to lead by example. Make cybersecurity a company priority, talk about it throughout the organization at all levels, and practice what you preach so everyone understands its importance and how to participate themselves.

2. Educate your team

It’s not enough to simply be aware of best practices yourself—you need to be sure that everyone adopts and follows your policies. Leverage cybersecurity training content and sessions to help your employees stay up to speed, and give them the opportunity to ask questions.

3. Get the right technology in place

You most likely already have a firewall and antivirus software, but are they up to date and being patched regularly? And what about other tools, such as regular monitoring and protection of your company website, a password vault to simplify password management and ensure everyone creates strong passwords, or secure email to encrypt sensitive messages? Mobile device management, encryption: the list goes on and on. Look for software and tools that are easy to use for both administrators and employees.


4. Pressure-test your process

It’s critical to ensure that what you have in place is actually working. After all, most data breaches are the result of human error. It’s a problem even for large organizations. For example, in the Equifax case, an IT employee neglected to install a security patch for a software vulnerability, even though the company had made it available. In the case of a Yahoo breach, an employee was “spear phished” and unwittingly provided authentication details that led to the exposure of over 500,000 Yahoo accounts.

5. Gauge and engage

To ensure your cybersecurity efforts and guidelines are working to protect your company, you’ll need to regularly test and monitor employee awareness. This might include sending fake phishing emails to employees to see if they are prone to clicking on bad links or opening files they shouldn’t, and adopting a monthly routine of short awareness videos to continuously educate everyone in the organization. It can also include “ethical hacking,” in which a third party is hired to attempt to break in to company networks and computers, then report back on how far they got and whether they found their way to the crown jewels.

Getting these insights will help you determine whether additional training is needed, or whether a manager should check in with specific employees to help them remember the policies and improve their own posture. It’s important to find any weak links in your people, processes, or technology now instead of after an attack.

Leading the way to strong cybersecurity

As the business leader, you have the most to lose in the event of an attack. So rather than put off a cybersecurity plan for another day, make it a top priority to build a strategy for proactively defending your company.

Bring together the foundation, culture, and technology that will make your effort a success. Whether you have a cybersecurity background yourself isn’t the point; what matters is that you’re aware of its importance to your organization and can bring together the right approach and solutions to ensure success on this mission. You have the freedom and ability to set the goals for your company to work towards. If you haven’t already, remember to make cybersecurity one of them.

Image Credit: Michael Traitov/Shutterstock
I'm the Co-Founder of Defendify, the first all-in-one cybersecurity platform for Small Business. Defendify makes cybersecurity possible for businesses with under 500 employees through its all-in-one, web-based cybersecurity platform that gives Small Business owners and managers the ability to easily—and holistically—protect themselves with ongoing, affordable, scalable cybersecurity.