Cybersecurity Isn’t Just for Large Companies
How to Take Action to Protect Your Business
Dann Glover, Cybersecurity Program Manager, TechSolve
Today’s technology empowers companies to expand productivity, increase safety and raise quality. However, alongside these benefits come increased vulnerabilities and risk for businesses of all sizes.
While this risk may feel easy to ignore, the importance of protecting your business by establishing a cybersecurity program at your company cannot be emphasized enough. According to the Verizon 2018 Data Breach Investigations Report, 58 percent of cyberattacks were directed at small businesses. Each attack, per statistics from UPS Capital, cost small businesses between $84,000 and $148,000.
In addition to monetary impact, cyberattacks can lead to unquantifiable, crippling business consequences ranging from defective products, loss of intellectual property (IP) and identity theft to diminished customer trust and employee layoffs. In fact, according to the National Cyber Security Alliance, sixty percent of small and mid-sized businesses that have been hacked have been forced to shut down within six months of the attack.
To combat these risks, businesses need to take steps to formalize a cybersecurity program and reach compliance with industry-specific standards. Small businesses, especially manufacturers, should begin by defining the industries in which they currently work or anticipate working.
By determining the likelihood of working in the Electrical, Health Care, Nuclear, Department of Defense (DoD) and Automotive industries, for example, manufacturers can identify a list of industry-specific standards relevant to their business. For instance, manufacturers must abide by the Defense Federal Acquisition Regulation Supplement (DFARS) standard for DoD or the Automotive Industry Action Group (AIAG) requirements for third-party automotive suppliers.
These industry standards provide frameworks that businesses are required to use when addressing their cybersecurity. For example, DoD contracts must comply with the NIST SP 800-171 framework. For companies not required to follow specific industry standards, these frameworks can serve as assessment tools to guide the process of identifying your current network’s vulnerabilities and opportunities for risk mitigation.
After completing the assessment, create a plan to reach a state of compliance and/or reduce your cyber vulnerabilities. The most difficult part of this step is determining how to fix the issues you found. During this phase, prioritization is essential. Focus your plan on mitigating the largest risk first.
Once you have developed a Plan of Action with clear milestones, it’s time to work with a trusted service provider and get everything done. Be diligent about making cybersecurity a part of your company culture by delivering quality training to ensure your team is knowledgeable about the ways their actions can impact the health of the organization. Harmless mistakes can ultimately lead to bigger threats.
Start a habit of continuously monitoring your network’s and organization’s activity against best practices and policies, and identify metrics that show what is and is not working. With your network constantly changing, your vulnerabilities grow.
While this all may seem daunting, I promise you the effort is worth it: cybersecurity can be a competitive advantage. However, it’s in your hands to take action and be the business that seeks to recognize and address its vulnerabilities instead of avoiding its own risks.