We didn’t build the World Wide Web on fundamentally secure technology. As a result, with each passing year, the internet becomes an incrementally more hostile place to do business – especially small business. Here’s how to protect yourself on a budget. 1. Study Existing Resources As many as focus on small businesses. half of all reported cyberattacks This is why watchdog groups and regulators in more developed countries continually publish guidance and recommendations for modestly sized businesses on a tighter budget. For businesses looking to secure their attack surfaces inexpensively, it’s critical to know what kinds of free resources are available. An obvious place to start is the from the U.S. National Institute of Standards and Technology. NIST Framework Large, small, domestic, and foreign businesses can benefit from this framework because it establishes a strong knowledge foundation built on practical details. It acts as a kind of tutorial to guide you through building the foundations of a strong cyber bulwark, including: How to identify threats unique to your industry or business. How to become proactive in thinking about cyber risks. Understanding the abilities and limits of detection tools. How to respond and recover from a cyberattack. Similar resources include those published by the E.U. in support of the General Data Protection Regulation (GDPR). These are for organizations, meaning they may be helpful in getting ahead of the regulatory curve in places like the United States. more comprehensive guidelines Both bodies of knowledge are free, but they deliver significant value by helping you expand your knowledge base and harden your defenses without hiring an outside party to do it for you. 2. Invest in Team Member Training As far as investments go, time spent wisely is among the most valuable. Spending time on cybersecurity training for all personnel is essentially free, except for the time expenditure involved, but good training is a ward against some of the most successful cyberattack vectors. Here are some examples of training elements and why they pay off: (Phishing and social-engineering attacks were named a top threat by in a recent poll.) Train team members on spotting phishing attempts 75% of business respondents (Employees misplacing data or leaving it vulnerable to snooping is a preventable source of risk.) Reinforce safe, security-minded data-handling protocols (Research has yielded surprising findings about how many people reuse passwords across multiple accounts . Take the burden off their shoulders by investing in a paid password manager like BitWarden or 1Password.) Ensure all team members practice safe password hygiene even when they know better Unaware and underprepared team members become a liability. Ensure they know the risks and how to be proactive. 3. Understand What Your Operating System Offers No matter what operating system (OS) you favor, there are certain security tools built into their infrastructure – and it’ll cost you nothing but time to learn how they work. Here’s a quick look: Linux offers an open-source approach to security and permissions that some view as superior to Windows or macOS. Organizations running Linux have a dizzying selection of free, . Linux: open-source cybersecurity tools Offers a firewall, software gatekeeper, secure password manager, malware removal tool, and (deliverable automatically in the background) macOS: frequent security updates Offers Windows Defender with , parental controls, system restore points (useful in cyberattack recovery), Memory Integrity to prevent system tampering, and more. Windows: automated virus and threat scans You’ll have the option of letting your OS automatically download critical security updates. You should do this. It’s a free way to take advantage of your OS developer’s ongoing commitment to patching known exploits. Ultimately, your OS might be an underutilized resource if you’re a cash-strapped startup, a world-changing nonprofit, or a small business looking to save money. 4. Develop a Cyber Response Plan A cyber response plan will cost you nothing but time, but it ensures you won’t be caught entirely unprepared if you experience a data breach or cyberattack. Your organization is unique, your attack surface is unique, and your priorities will be unique if you find yourself under attack. Nevertheless, here are some essentials to remember as you document your cyber response plan: Inventory all of the assets currently at risk. Understand the disclosure requirements outlined by local and national cybersecurity and data privacy laws. Create for the most applicable risks. This includes the likelihood of the risk, details of what it could impact, how you’ll be able to tell whether it’s compromised, who gets notified, and what specific actions each identified individual will take. a response matrix Consult with an expert. It’s wiser to have cybersecurity experts on your IT payroll, but you can do the next best thing by reaching out to certified and knowledgeable experts once you’re in the thick of things and you want to be sure you’re doing the right thing. 5. Consider Cyber Liability Insurance Cyber insurance is not free, but depending on the sector you serve, the data you capture or process, the nature of your business, and the level of risk in your industry, paying per year could be the peace of mind you’ve been looking for. thousands of dollars in premiums This isn’t exactly a preventive measure. What it does is ensure your organization or company doesn’t fold under the potentially ruinous cost of sustaining a data breach. For small businesses, the – an unsustainable figure if your assets aren’t liquid enough. average price tag is $200,000 Moreover, the global economy finds itself on uncertain footing. Whispers and open talk of recessions have many businesses economic tribulations. wondering how to survive The cost of a data breach may be too high to manage, but cyber insurance lets you spend your defensive budget manageably, over time, for protection that’s as comprehensive as you want it to be. The U.S. Federal Trade Commission to seek in cyber liability insurance. recommends some essential features Your chosen policy should cover direct data theft, attacks on your data when held by third parties, terrorist attacks, and clear expectations regarding legal representation during data breaches. Protect Your Organization Without Spending a Fortune It’s not clear if cyber insurance will become a legal requirement for businesses in the coming years. However, laws like GDPR and the California Consumer Privacy Act continuously raise the barrier for entry – and spending, it seems – for business owners. California even passed to ensure businesses adequately protect their internet of things (IoT) products. a first-of-its-kind law Therefore, another free way to develop a stronger cybersecurity posture is to remain aware of which territories are quick to identify emerging risks and issue guidance about them. You should also follow the tech companies whose products you rely on. For example, Microsoft recently disclosed in Exchange servers. two highly destructive exploits Finally, remember that the cost of losing face with investors, partners, and customers if you fall victim to fraud or data theft is far higher than the cost of prevention. Start with this guide to do it cost-effectively.

2022 - HackerNoon Contributor of the Year - Cybersecurity

2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Too Long; Didn't Read

Questions about cloud security? Get answers here.

Developing Effective Cybersecurity on a Tight Budget

Too Long; Didn't Read

Devin Partida

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Developing Effective Cybersecurity on a Tight Budget

Too Long; Didn't Read

Devin Partida

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES