Blog

Four steps to building a cybersecurity strategy - keep hackers out.

Posted by Mike Ralston on Nov 8, 2018 12:41:00 PM
Find me on:

According to the National Cyber Security Centre (part of GCHQ) if you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber-security breach.

Here are four steps to begin building a cybersecurity strategy that keeps hackers out of your business.

 

A. Define your company's current cybersecurity status.

Get together your senior leadership team, board of directors and investors/trustees to conduct an informal audit of the business. Get a sense for the level of security you have today.

Questions to ask: Is anyone in charge of our cybersecurity? What defences do we already have in place? Is our strategy all-inclusive and coordinated? If not can we identify our weak spots and ‘gaps’?

 

B. Identify the key person accountable for your cybersecurity.

Engage leaders from across the organisation—remember cybersecurity is much more than just IT. Include people from different functional areas, such as human relations, marketing, operations and finance. Other players essential to this conversation are your lawyers, insurance broker and your accountant/auditor.

Questions to ask: Who should be answerable or responsible for our cybersecurity? What process can we implement to ensure accountability? How can we communicate and increase awareness about cybersecurity in our different departments and teams?

 

C. Take an list of your assets, determine their value and prioritise your most critical assets.

Identify the "crown jewels" in your company, whether those are employee records, intellectual property or customer data. Recognise that you will never be 100% safe from an attack, so prioritising areas of defence is important.

Questions to ask: What are the most important assets we need to protect? Customer data? Intellectual property? Employee records? Can we measure the degree of confidentiality, integrity, availability and safety of our most critical assets?

 

D. Decide what business capabilities and cybersecurity measures you want to manage yourself and those you can outsource.

Consider whether it makes sense to subcontract certain aspects of your business to a cloud-based system to increase your security. At the same time, consider whether it makes sense to engage a cybersecurity expert or provider. Decide whether you want to work with a consultant to figure out your cybersecurity plan or if you want to outsource your cybersecurity entirely.

Questions to ask: What aspects of our business , such as order fulfilment, should we handle internally versus outsourcing to a third party (e.g., Amazon, Cisco, Google)? Should we outsource our cybersecurity to a third-party service? Should we use a fractional CIO model and seek out cybersecurity consulting? Or should we handle the entire process ourselves?

 

If you don’t know what the status of your security is today you can’t plan how to provide for it. The best defence is a good offence. Make it a priority to protect your data for the benefit of your employees, your customers and the long-term health of your business.

Topics: Business Security, UK, Bristol, England, Cyber Attack, Cyber, Security, IT

Reducing Risk - Maximising Security

Protect the future of your business.

The risk of cyber attacks is continuing to grow year on year for businesses small and large.

So after receiving a lot of requests, we have decided it's time to change things - we're excited to share with you The Solsoft BlogWe have created it to keep you and your business safe from the ever-growing global threats, we bring you the latest and most important information in the world of business IT security.

Stay Safe:

  • GDPR Advice
  • Tips for your business
  • Preventing attacks
  • Compliance Updates
  • Much, much more...

Subscribe to Email Updates

Recent Posts

Follow Me