Advice for Small and Medium Sized Businesses
Despite market uncertainty and tightening budgets, many companies are seeing improved productivity and cost savings through embracing remote working and cloud computing. They are recognising the value of being able to scale up and down the capacity based on customer demand, and they are paying for only what they use rather than maintaining their own data centres. Supporting staff and trusting them to do the right thing also pays off.
Work with your staff to explain the ways that bad guys take advantage of media-intense events for scams and fraud. Make it personal, use examples and relate to scenarios outside of the work context, too.
@le_rond | LinkedIn
The greatest tension is between privacy and protection (sometimes falsely seen as a straight trade-off). We are also dealing with a fundamentally changed threat landscape as career and opportunist criminals turn to the huge remote endpoint estate and healthcare tech. Then there's the economic pressure on all of us to do more with less.
For remote work, plan to review the solution and control landscape. Many vendors have changed things hand over fist during this time; peers will have enormous amounts of experience to share. Take advantage of that. Formulate a strategy for positive permanent change using feedback from peers, IT operations and staff.
Apart from all that, transparency and trust are going to be the linchpins for everything. We are all in this together.
@TrialByTruth | LinkedIn
Thanks to embracing cloud productivity tools, we were well positioned technologically to go 100% remote.
Our gap, and one we’ve seen for many organizations, was in comprehensive training to explain to our team how to work remotely safely. We created a new course using our tool that covered all relevant topics such as expectations for keeping personal devices used for work up-to-date, guidance on securing home Wi-Fi as well as discussions of when it’s okay and not okay to print documents at home. Most importantly, the training wasn’t generic tips or best practices; it was easy to make specific to our policies and standards.
@davidshipley | LinkedIn
One of our team leads set up a daily Monday-Friday remote meeting. He called it "Reason to put pants on," so that made it funnier. It's a time just to talk and decompress with no judgement.
People need to hear other people, and they need to see faces. A team still needs cohesion when working remotely, and the pandemic response required us to move beyond the haphazard in-house meetings to purposeful and planned meetings.
@rossamoore | LinkedIn
Honestly, security awareness programs were boring and disengaging until we saw a shift in the field to provide gamified training and programs.
For the longer term, I foresee a community-based program as the main change in the security awareness arena especially as the remote workforce grows larger. This is because when we're in a community going towards a common goal, people have a better sense of the why behind the program and how their actions play into the bigger picture.
A community-based approach isn't just checking the box, or making the box more fun; it’s actively changing the role of cybersecurity in people’s lives.
@CyberFareedah | LinkedIn
While we’re dealing with extraordinary times, it’s important to recognise that security cannot simply stop. In a bid to keep going and move forward as best we can, we need to consider how to do that with security in mind.
I would encourage organisations to get creative and think about how they can run virtual events and activities to keep security on people’s minds. Given the rise in phishing emails we have seen connected to COVID-19, it’s important that we adapt and evolve to meet the circumstances we find ourselves in. It’s better than allowing a vacuum to form, as cyber criminals could then exploit it.
@drjessicabarker | LinkedIn
2020 has proven to be a “black swan event.” The term, coined by Nassim Nicholas Taleb in the book of the same name, is for rare but highly impactful and highly memorable events. IT and IT Security teams are having a moment, as many have worked tirelessly to ensure their organizations’ ability to successfully respond to security incidents in spite of the quarantine. Now these same teams, in the near future, will be asked to be ready for the next one. But here’s the thing: black swans are by definition rare and unpredictable.
@jwgoerlich | LinkedIn
Develop a strategy that prepares for the unlikely while strengthening defenses for more common threats. Let’s call these geese. A good security program readies the organization against all birds, be it the black swan or the unnamed goose.
There are many challenges to tackle. We need greater control at the endpoint and edge. We need more visibility into all devices, regardless of company-provided or BYOD or on-premise or cloud instances.
In the longer term, organizations need to strengthen and enhance their capabilities in business continuity and incident response. By placing the emphasis on flexibility and response, organizations can deal with the current challenges while preparing for future ones.
The biggest impact on small businesses that is going to affect and/or change their security program is more compliance. There’s going to be so much compliance pushed through whether it’s regarding security framework implementation in your organization or whether it’s regarding consumer data protection laws that are being pushed through legislation. The biggest piece of advice that I could provide to small businesses would be to implement a cyber security framework and methodology very early into your business. If you’ve been in business for a long time, do it now. It’s never too late.
Having someone knowledgeable in security legislation is going to 100% benefit you in the now and the long term.
@techwithtaz | LinkedIn
Small businesses are likely to see many challenges in the areas of budgets and the governance side of security. SMBs are often "trying to do more with less," especially when it comes to where to allocate funds. In relation to cyber and information security, do they invest more in internal programs to prevent, detect, monitor and alert on security events and incidents (which of course will have associated costs to people resources), outsource these activities or perhaps embrace a hybrid approach? It comes down to identifying their most critical assets (physical, logical, even people and processes) and prioritizing the protection based on criticality. This is where business impact analysis (BIA) and risk assessment can be extremely beneficial before jumping the gun and deploying funds and resources in areas that may not result in a ROI.
LinkedIn
Tips? Start small. Start with that BIA and risk identification process to drive informed decisions when it comes to IT and security. Having a dedicated resource to manage and champion this internally, liaise with appropriate stakeholders, keep analysis and recommendations current and aligned to business goals and objectives will help to save a lot of headaches down the road and misallocation of resources.
Now with employees working from anywhere as well as accessing corporate information and data hosted across the world, it is absolutely essential to realize that although firewalls are still important, the foundation of security has shifted to the identity and the connection. Being able to ensure the secure connection to proper applications and data, not to mention forcing authentication at every turn (zero trust implementation), is going to be absolutely critical in protecting this new way of work.
Luckily for SMB organizations, more and more cybersecurity solutions are leveraging the cloud as a delivery mechanism. This will not only enable smaller organizations to implement proper solutions at an affordable, per-consumption model; it will also allow resource-restrained IT teams to build and manage a holistic, integrated and proactive security stack without needing the engineering acumen in-house to do so.
@Port53Tech | LinkedIn