For Small Firms, A Cybersecurity Plan Need Not Be Complex to Be Effective


Image Courtesy of Bay Area Council

Staying current with events in your industry is crucial if you want to keep your business on the front line of progress. You wouldn’t think of walling yourself off from news about your community, our country or the world. Similarly, you should stay abreast of news events, product development, business development and more within your industry.


A couple of years ago there was an article in Contracting Business Magazine by Dominic Guarino about the need to have a cybersecurity plan for your business. If you run a medium-sized to large business, you almost certainly do. But what if you run a small business, a “mom-and-pop shop”? You may not. If you don’t, this article is a good place to start in developing a plan for your business.


The article cites research by the National Cyber Security Alliance which says that two-thirds of small businesses say they are dependent on the Internet for day-to-day operations. The research indicates that 69% of such businesses handle sensitive information, including customer data, while 49% have financial records and reports. The research also indicates that 77% of small business respondents to their surveys do not have a formal written Internet security policy for employees. What would you do if your information were lost or hacked? How would that affect your company and its operations? The article suggests that there are seven key areas to address in such a plan. They are listed below.


  1. The type of data you collect, as well as where and how you store it. This includes customer data, company business and financial data, and personal employee data.
  2. Who has access to your data, your company network and Wi-Fi, as well as the protections you have in place.
  3. Employee password protection and use of company computers and devices. You should also address social media policy.
  4. Cataloging company hardware including computers, smart devices, external hard drives and backup media. You should also have a policy to address the proper disposal of such devices.
  5. Protecting company computers with antivirus and malware protection software, along with physical security of critical computers and servers.
  6. Protection of your data on the Internet, including your website, online databases, information stored in the cloud and credit card processors.
  7. A response plan in the event of theft or loss of data as well as the catastrophic failure of your company’s computer systems or network.


This article gives you an excellent, actionable starting point for addressing this critical aspect of your business. If you would like more, or more in-depth, information, you might check out the Cybersecurity Planning Guide published by the FCC. You can find this article at the link below.