Advice for Your SMB from an IT and Cybersecurity Company CEO

You have heard about the dangers of cyber threats and want to protect your business, but it all seems so daunting. Creating a culture of cybersecurity at your business and building a strong cybersecurity strategy takes time and money.

Cybersecurity is no longer an option for businesses. It wasn’t too long ago that a company could install some anti-virus software on your company computers and be good to go — in today’s world, that is not the case. 

You know you need to invest in cybersecurity at your SMB, but where should you start? As a CEO of an IT and cybersecurity company, I'm often asked this question by small business owners. The answer can be complex because there are so many facets to consider. But don't worry — I’m going to break it down for you and explain the basics of what you need to do to protect your business.

If you’ve dedicated a portion of your budget to improving cybersecurity — you’re off to a great start. I always tell clients that an investment in cybersecurity could save them thousands or even the life of their business.

Unfortunately, it is not uncommon for businesses to permanently shut their doors after suffering a data breach, so being prepared is paramount. 

According to a study released by Deloitte, the average company will spend somewhere between 6% and 14% of its annual IT budget on cybersecurity. A cybersecurity budget can differ from business to business depending on various factors, including the number of computers and the amount of sensitive data stored. Speaking with a cybersecurity expert can help you get a clear picture of what your cybersecurity budget should be to protect your business. 

Then the question becomes…what should you do with your cybersecurity budget that is going to make the most positive impact? 

I have created a list of some of the most important actions to take when creating a strong cybersecurity strategy for your business. Let’s get started.


Penetration Test

The first thing I would recommend doing is conducting a third-party penetration test of your systems to get an accurate idea of the risks you are facing. Even if you have an IT team, an outside look at your system could reveal issues that were overlooked. If there are any glaring red flags — those should be addressed and remedied first. 

Cybersecurity is an ongoing process, and you should be continuously monitoring your systems for vulnerabilities. I recommend repeating pen tests and scans quarterly as a best practice.


Implement Cybersecurity Solutions

If you haven’t already, you need to implement basic cybersecurity solutions to protect your business from the most common types of cyber attacks. This will vary depending on the type of business you have and the data you are handling, but some basics include: 

  • Firewalls: A firewall is a network security system that monitors and controls incoming and outgoing traffic.
  • Monitoring by Security Operations Center (SOC): a centralized location where an information security team monitors, detects, analyzes, and responds to cybersecurity incidents, typically on a 24/7/365 basis.
  • Two-factor authentication: This adds an extra layer of security by requiring users to confirm their identity using two different factors, such as a password and a code that is sent to their phone.

These are just a few of the many cybersecurity solutions available to businesses today. Work with a cybersecurity expert to figure out which ones make the most sense for your company.


Create Cybersecurity Policies and Procedures

To create a culture of cybersecurity for your business, you need to have policies and procedures in place that everyone understands and follows. These should cover things like password management, acceptable use of company devices, and what to do in the event of a data breach. 


Keep Up with Updates and Patches

One of the simplest but most effective things you can do to improve cybersecurity at your business is to keep your systems updated with the latest security patches. This includes everything from updating your operating system to patching any software vulnerabilities.

It’s also important to ensure that your employees use the most up-to-date versions of their programs and applications. Outdated software is one of the leading causes of cybersecurity breaches.


Regular backups

Another cybersecurity essential for businesses is to have regular backups of all their data. This way, if you do suffer a data loss, you can quickly and easily recover your files. Backups should be stored off-site in a secure location in case of fire or theft.


Employee Cybersecurity Training

Human error is one of the top reasons businesses get hacked. Cyber criminals are creating phishing emails using social engineering to get people to click on them.

When a malicious link is clicked, it can infect your systems with malware, causing all kinds of problems. If an employee is unfamiliar with the dangers of phishing emails or doesn’t know how to spot the red flags, an employee with the best of intentions could be the downfall of your business. 

Requiring your employees to go through cybersecurity awareness training could save your business.


Create an Incident Response Plan

“Incident response plans are key drivers to maintaining employee productivity, customer service, and executive communication during potential cyberattacks,” Neil Jones, director of cybersecurity evangelism at Egnyte, said.

An Incident Response Plan is a set of instructions that outlines how a company will respond to a cybersecurity incident. The plan should include procedures for handling different types of incidents, as well as contact information for the individuals who should be notified in the event of an attack.

Many business owners overlook the importance of creating an Incident Response Plan (IRP) for cybersecurity incidents. With cyber crime on the rise and the costs of cyber attacks increasing every year, the importance of preparation cannot be overstated.

For more information, read 4 Reasons Every Business Owner Needs a Cybersecurity Incident Response Plan


Cyber Liability Insurance (CLI)

 I always recommend that businesses invest in some form of cybersecurity insurance, also known as Cyber Liability Insurance (CLI). This type of insurance can help offset the costs associated with a data breach, including: 

  • Notifying customers
  • Ransome payments
  • Credit monitoring
  • Legal fees

The price of CLI will vary depending on the size and type of business, but it is a relatively small price to pay for peace of mind.

For more information, read Cyber Liability Insurance: What It Is and Why You Need It


Monitor activity

You need to monitor activity on your network for any suspicious activity continuously. Knowing what is going on within your systems will allow you to fix issues as they arise. 

This can be done with a cybersecurity solution, like a SIEM (Security Information and Event Management) system.

A SIEM is a complex software solution that aggregates and analyzes activity from several resources across your entire IT infrastructure. The SIEM collects data from network devices, servers, domain controllers, and other sources.

It is best to leave SIEM implementation to the experts since it is a complicated piece of technology. This brings us to our next topic… 


Work with a cybersecurity expert  

If you’re not sure where to start or just don’t have the time to implement all of these measures — working with a cybersecurity expert can be a game-changer. One Step Secure IT can help assess your risks, develop a comprehensive cybersecurity strategy, and implement the right cybersecurity solutions for your business.

Investing in cybersecurity is one of the best decisions you can make for your small business. Taking these steps can help protect your business from a cyber attack and keep your data safe.


Key Takeaways

  • Conduct a third-party penetration test of your systems to get an accurate idea of the risks you are facing.
  • Implement cybersecurity solutions to protect your business from the most common types of cyber attacks. 
  • Keep up with updates and patches.
  • Require your employees to go through cybersecurity awareness training. 
  • Invest in some form of cybersecurity insurance, also known as Cyber Liability Insurance (CLI).
  • Work with a cybersecurity expert, like One Step Secure IT, to figure out which cybersecurity solutions make the most sense for your company.
  • There you have it — a few of the basics that every business should do to improve cybersecurity. Implement these measures, and you'll be well on your way to protecting your business from cyber threats.
  • Cybersecurity is ever-evolving, so make sure to stay up-to-date on the latest threats and solutions. Work with a cybersecurity expert, like One Step Secure IT, to implement a cybersecurity strategy for your business.


Don't wait until it's too late to invest in cybersecurity — schedule a free penetration test for your business with One Step Secure IT's cybersecurity experts. Learn more Here


Scott KreisbergStay Safe,
Scott Kreisberg
CEO of One Step Secure IT