Updated: May 23, 2020
FACT: COVID-19 has laid waste to almost all 2020 small business plans.
One plan, however, that under NO circumstance should ever be forgotten, dismantled, or hiatus-ed is your Cybersecurity Plan. In fact, now is the time to review, revamp, and action your cybersecurity plan on a scale and scope that befits your new security (cyber and physical) needs.
The now all but certain prospect of remote work has been cemented by companies like Facebook and Shopify announcing that they plan to incorporate working remotely in their respective business models. Sole Proprietors, Solo-preneurs, and Small Businesses -- especially those from low-income and under-served areas -- now must figure out, on a shoestring budget, how to navigate this new security landscape.
If you have fewer than twenty employees, relatively low working capital pre- or post-COVID, and limited access to conventional financial resources, then these tips are especially for you. Conversely, if you are well-positioned financially but also interested in ways to continuously improve your security posture, then this is also for you.
The technical, physical, and human cyber-attack surface has expanded exponentially. Whether we're talking about poorly configured internet-connected IoT devices that now outnumber human beings, routine mobile device upgrades, the discarding of said mobile device(s), allowing your child to use your work device, or your significant other borrowing your work device for their own work, it's growing increasingly unclear where work starts and personal activity ends.
No matter the industry or business that you're in, below are the three main asset classes that, as a sole proprietor, solo-preneur, or small business, you're likely to interact with, along with their respective KPQs (key performance questions) to consider before taking action.
Asset Class A
If you're a sole proprietor, entrepreneur, or small business owner with employees, you house data that is either intellectual property, sensitive employee/client information, or confidential research and development.
KPQ #1: How regularly/safely is this data stored and backed up?
Asset Class B
The physical devices from which your data is accessed (cellphone, tablet, laptop, workstation) all have out-of-the-box vulnerabilities and same-day exploits, both resident to the device and out in the wild.
KPQ #2: How vulnerable are your devices? And what mitigation/remediation system is in place to protect them?
Asset Class C
All of your connected, physical devices rely and run on a network-based infrastructure. All internet-connected devices have unique attributes and identifiers that set them apart from one another. Some may occupy the same network, while others connect to and send information through virtually protected channels.
KPQ #3: What risk management framework and methods are being used to identify, isolate, and remediate threats across your network(s) while ensuring your business' continuity in the face of a cyberattack?
In the end it all comes down to the degree, nature, and relevance of the risks that your business (small, medium or large) faces. Always identify what, if any, controls you already have in place; the cost of not addressing your risks; and the impact of these identified risks on your business' operations.
Copyright 2020 - Nine Mile Security Group.