Learn how connectivity and security transforms business in a cloud-based world.

Read eBook
Sales 888-407-9594LoginSupport CenterContact Support
Search
Close this search box.
Main Menu
Contact Sales
Contact Us
Main Menu
Main Menu

What is a Good Small Business Cybersecurity Plan?

Small Business Cybersecurity Topics

What is a Good Small Business Cybersecurity Plan
Here are the next steps to a good small business cybersecurity plan:

2. Develop a Bring Your Own Device (BYOD) policy.

  1. Define the minimum required security controls/ software needed for safe operation.
  2. Establish controls for application access and installations.
  3. Require endpoint management agents to be installed on personal devices.
  4. Develop, refine or verify your policies for employees that leave the company and how to remove data from personal devices. Think through file storage, email, collaboration tools, etc.

3. Educate your employees and reduce exposure credentials.

Change passwords as is needed to enforce strong password policies. If your systems have weak or dated password rules, beef them up. If you manage highly sensitive information that requires periodic password changes, put those rules and systems in place.

Use a password manager. Implement a password manager for all members of staff so they can maintain strong password policies without needing to remember long and complicated passwords.

Enable two-factor authentication on as many applications and accounts as possible. Microsoft 365 and other business accounts have the option to enable two-factor authentication, adding a second layer of security to your user accounts by sending a code to a secondary device in the users’ possession to enable login.

Educate employees with simulated phishing emails and security awareness training. We can’t emphasize this step enough. Approximately 88 percent of all data breaches are at least partly caused by human error. If properly trained to recognize risks, employees represent your company’s first line of defense against cyberattacks.

Put your policies in writing. Give your employees reference materials appropriate to their job responsibilities. In other words, explain the topics in greater detail when communicating with your IT staff than when addressing marketing or accounting personnel. This documentation should clearly explain the various threats and cover risk avoidance strategies when an intrusion is suspected. State who they should contact and display that information prominently.

Deliver short training modules regularly to increase retention. Some studies suggest that humans forget approximately 50 percent of new information within an hour of learning it! Consciously reviewing new information helps fight the “forgetting curve,” so opt for ongoing training modules instead of annual brushups. For instance, ransomware attacks in the news might spur a brief video explaining how that particular threat works and what they can do to dodge the risk.

4. Look for and defend against insider threats.

  • Restrict privileged user access to only personnel that absolutely need it.
  • Remove user access from employees who’ve changed roles or left the company.
  • Monitor logins and directory access for atypical user behavior or document access.
  • Monitor for rogue network devices.
  • Enact network and file segmentation to limit file access by job, location and/or need.

5. Create an incident-response plan.

Define responsibilities. Identify critical network and data resources and how to recover them. Define who’s responsible for neutralizing threats, implementing business continuity measures and restoring normal operations. Be sure to include audits, breach assessments, etc., in those plans, which may involve coordination with outside specialists. (Sometimes, these specialists are covered in your cyber insurance policies.) And be sure to plan for communications while you’re at it (see below).

Develop a business continuity plan. How will operations continue in the event of an attack? Ideally, you can tackle business continuity needs for outages caused by weather, construction and other events (like a pandemic) at the same time.

Establish internal and external communication plans. Determine who will inform and update executives and internal stakeholders during a cyberattack. Plan for external communications during and after an attack just in case customers or suppliers cannot access your systems. Find out what disclosure rules you may need to adhere to if sensitive or personally identifying information data is breached.

Need to strengthen cybersecurity for your business?

We can help! Get in touch with us below to speak to one of our experts.

"*" indicates required fields

* By submitting this form and signing up, you are accepting TPx’s privacy policy.

Services
Cloud Communications
Managed IT Services
Managed Security Services

Solutions
Your Industry
Your Need

Contact Us
Contact Support
Contact Sales
Office Locations

Partners
Channel Partner Program
Become a Partner
Affiliate Program
Refer a Customer

Resources
Overview
Product Literature
White Papers
Case Studies
Videos
Infographics
Blog
Client Downloads
Bandwidth Speed Test
Cybersecurity Risk Calculator
Network Threat Map
Learning Center

About
Company Overview
Leadership
Press Releases
Awards & Certifications
Careers
Technology Partners

Support
Open a Support Case
Track a Support Case
System Performance Status
Support Center
TPx Customer Portal
Dash

Follow us

Legal   |   Terms & Conditions    |   Privacy Policy   |    Do Not Sell My Info   |    Login   |   Wholesale    
©2024 TPx Communications
Legal   |   Terms & Conditions    |   Privacy Policy   |    
Do Not Sell My Info   |    Login   |   Wholesale
©2024 TPx Communications