• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Democratizing technology essential for cybersecurity.

Red Sift Blog
  • redsift.com
  • Featured
  • About
  • Get in touch
You are here: Home / Cybersecurity / How to build a cybersecurity strategy for your SME

How to build a cybersecurity strategy for your SME

by deepak
August 29, 2018September 28, 2018Filed under:
  • Cybersecurity

The number of small businesses is growing. In fact, at the start of 2017, small businesses accounted for 99.3% of all private sector businesses. Yet, with this growth comes the risk of security breaches: these breaches aren’t limited to the major companies.

Photo by Ricardo Gomez Angel on Unsplash

The UK Government announced earlier this year that more than two in five businesses reported a cybersecurity breach in the past 12 months. These data breaches aren’t limited to big brands, and it’s imperative that small businesses are well equipped to deal with the risk of a breach. To quote FBI Director Mueller, “There are only two types of companies: Those that have been hacked and those that will be hacked.”

SMEs face similar challenges to any other type of organization, whether that’s in the form of a brutal cyberattack, phishing attack, or the threat of GDPR fines. That’s why it’s so important for SMEs to implement strategies which at the very best prevent a breach, and in the worse case, minimize the consequences.

One key strategy is security by design. This is a simple concept that allows a business to mitigate or even rectify a breach, and is based on the framework of people, process and technology. Having these elements in place will provide customers with the vital reassurance that the organization is capable of dealing with breaches and is striving to prevent future attacks.

Just like sunscreen and cake, security is best when it’s layered

There are a number of technology solutions available to help SMEs and startups protect their networks as well as their customers’ data. There is no one magic answer, instead a layered approach to security is the best line of defence – think malware detection, email security, encryption, anti-phishing technologies, where you simply assure customers that any emails they receive from your domain is guaranteed to originate from you, not a spoofed account sending out phishing emails. Each level of protection reduces the attack surface and encourages criminals to look elsewhere for softer targets, meaning that each layer provides another boost to the confidence of your customers.

People power

Developers and leadership teams within startups must be able to understand the issues, in order to build layers of security into systems. To do so, education, training and security awareness are three key components. Nevertheless, basic cybersecurity education is vital for all employees and will stress how easy it can be for a breach to take place.  In smaller teams, clear roles must be assigned for those responsible for security in an organization and will thus ensure that the required knowledge and influence is achieved.

Think of cybersecurity as a process

We have to think about cybersecurity as an ongoing process, rather than a checkbox to be ticked off. Implementing security frameworks such as the Information Security Management Systems is a good starting point. Although obtaining this standard is a significant lift, by demonstrating the importance of security to the business, you can’t underestimate the change it can bring to the culture and mindset of a startup. When a full ISO is simply too resource-intensive for a small business, you can take elements from the approach to expand the internal policies: this could be as easy as nominating a security committee to steer the organization or drafting incident response plans.

The GDPR requirements on a data breach are fairly straightforward – the processor notifies the controller and the controller notifies the data subject unless the processor had implemented and applied appropriate technical (encryption) and organizational measures (ISO27001) to make the data unintelligible to unauthorised viewers. This notion of making data ‘unintelligible’ emphasizes the significance of designing systems with security in mind to protect the reputation of your company.

There’s always the possibility of a breach, however rigorous your security is; but what’s most important is how you deal with it publicly in order to reassure customers and regain their trust. Regardless of the nature of a crisis, its well known that transparency and honesty helps to regain trust. Take clear steps to rebuild defences, provide the level of security necessary to avoid future breaches, and you will begin to regain customer confidence in your brand. Ultimately, it’s the SMEs’ responsibility to deliver the level of protection that customers, partners and investors deserve. If not, we risk losing their confidence to larger, established competing brands who are all too often perceived to be the safer option.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cybersecurity
  • Small Business

Post navigation

Previous Post Rust, meet q
Next Post Interview: Rahul Powar unveils the technological cogs making Red Sift tick

Primary Sidebar

Recent Posts

  • 2021 The Threat Landscape: Brand protection and BEC attacks lead the charge
  • OnDMARC Wins “Best-Of DMARC” Award On Review Platform Expert Insights
  • The case for embracing DORA
  • Red Sift – Closing the Net on the Phishing Problem
  • Beware of this common NHS Covid-19 Vaccine email scam

Archives

  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • November 2016
  • October 2016
  • February 2016

Categories

  • AI
  • BEC
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Uncategorized
  • Work @ Red Sift

Copyright © 2021 · Milan Pro on Genesis Framework · WordPress · Log in