How to Get Started on Your Business Cybersecurity Plan

As a small business owner or manager, you likely already realize that you need to put safeguards in place to protect your business's cybersecurity. The insurance company Hiscox found that nearly half of small businesses (47 percent) had at least one cyberattack in the last year, and 44 percent of those had two to four attacks. Attacks can be devastating to small businesses, particularly those that suffer more than one attack.

But when you’re not a large enough company to invest in building a robust cybersecurity function in-house, what are your options for ensuring that you have effective processes in place? Here’s a look at what you need to address in your cybersecurity protection plan.

3 Elements of a Good Cybersecurity Strategy

Assessments and Testing

What are the risk factors to your business? Are you using outdated software with a known vulnerability? Do your employees use weak passwords? How susceptible are your employees to responding to phishing scams?

Assessing your cybersecurity posture requires a number of tools, and sometimes real-time interactions, to determine a company’s potential vulnerabilities and recommend areas to improve.

Risk Remediation

Once you are made aware of potential threats and vulnerabilities through an assessment, addressing your risk is a critical step — and it goes beyond simply installing antivirus software and setting up a firewall. Your program should include appropriate technology solutions, company policies, and an incident response plan, and should map out continuous improvement.

Employee Training

Does everyone on your team know the appropriate protocol for reducing the likelihood of a cybersecurity attack? A thorough training plan should provide lessons on BYOD (Bring Your Own Device) policies, password setup, verification processes, how to spot potential phishing scams, and a variety of other topics.

A one-time employee training is not enough. A good training program provides ongoing education to ensure that employees are integrating the knowledge into their practice at work.

Resources to Help With Cybersecurity

So, who is best suited to take care of building a comprehensive cybersecurity plan that covers all three elements? Several options exist:

  • A managed service provider (MSP): Many small businesses are already contracting with an MSP for other elements of IT support, such as network setup, hardware purchasing and configuration, help desk, and printers. It can be a natural fit to choose an MSP, as you already have a business relationship with them and they are familiar with your network and systems. MSPs vary in the services they provide when it comes to cybersecurity, but most will offer a robust program that covers all three bases (assessment, remediation, and training) with access to a variety of products and services to help bolster protection.
  • A systems integrator or security system provider: Your company may have a facility security system that’s been installed by a systems integrator — and some of these systems integrators are beginning to pay attention to other forms of security, too, with newer offerings in cybersecurity. Although the physical security world is just beginning to converge with cybersecurity, systems integrators that are involved typically have strong offerings, and it may make sense to sign on, particularly if you are already using them for other security-related measures.
  • A cybersecurity consultant: Cybersecurity consultants or consulting firms typically provide a variety of services around assessments, audits, and testing. Generally, they are well-versed in compliance with specific industry rules and standards, such as HIPAA, PCI, GDPR, and Sarbanes-Oxley. If you work in an industry with specific compliance standards, it will be useful to work with a cybersecurity consultant to ensure that your approach meets the strict standards of your industry. Some consultants will work with groups like MSPs and systems integrators to offer comprehensive protection, while others may directly provide a full suite of cybersecurity products, services, and support.
  • Do it yourself (DIY): You may have the ability to install antivirus software, perhaps even add a firewall, then ask your employees to be cautious and use strong passwords. But if you try to tackle your company's cybersecurity alone, it's a lot easier to overlook potential risks and to lack the time or budget to maintain ongoing efforts. By not taking every step to mitigate those risks now, you may ultimately be leaving your business more open to potential breaches down the line.

There are several types of resources that can provide you with the cybersecurity support you need. However, you must take the time to understand their processes and make sure that they are providing a clear path for you to understand your risks, mitigate them and help you build a secure business environment. By finding the right match, you’ll go a long way towards protecting your company.
