how to get the best possible protection for the lowest possible cost with Cyber Security.
One of the most common pitfalls that many SMEs experience when considering their cyber security is what we have seen someone call BSO syndrome (Big Shiny Object).
This arises from the belief that the latest and greatest technological advancement is all you need to be secure.
Let’s put that one to bed now.
There is no, nada, zip and zero single thing that will protect you.
It is not so very different to the physical security of your office or building. You have put locks and some sort of access control (even if a physical key) in place to prevent unwanted or unauthorised people from getting into your premises.
But what about the windows? The roof? Underground access? Ram raids?
As you assess the risk (and consequences), you choose whether or not to increase your security to cover those additional, but less obvious, risks.
Cyber security is no different, other than to be more technically challenging and fast moving.
Physical keys and door locks have hardly changed in decades, while some of their cyber equivalents spawn new or improved variants monthly.
Just as an intruder’s means of getting past your door locks have hardly changed in those same decades, the ways and means by which cyber criminals gain access to computing systems seems to evolve some new threat or technique each month.
To counter these threats, you must engage a holistic approach to cyber security.
Again, there is no single “thing” or technology that will protect you. What is required is multiple layers of defence that address the identified risks, and a governance framework that ensures as new risks emerge or are identified, your response adapts accordingly.
That is not to say that all BSOs are worthless, just that they are not a silver bullet.
A few simple measures can significantly reduce your risk profile, and are definitely worthwhile implementing immediately if you have not already done so.
What will separate successful businesses in the future from the “also ran” and the “used to run” companions and compatriots will not be how much technology they implemented, but rather the framework and approach they adopt towards cyber security.
Chief among these is having a clear picture of your existing risk profile, and a process for addressing those risks.
To that end, CIBIS has developed a series of “Cyber Security Packages” and the Informational Package is the first step.
Each package is designed to complement each other so that the foundation laid by implementing the essential items can be built upon (and adapted) as time moves forward and threats and risks change.
CIBIS Cyber Security Packages
- Network vulnerability scan
- Penetration test (if applicable)
- Data audit to identify any PII or PCI requirements
- Backup audit (coverage and effectiveness)
- Existing configuration audit
- Report of all findings and recommendations
Click here to view an example report (client details have been redacted)
Designed as a “one stop” package to easily “bolt on” the minimal hardware/technology everyone should be using.
For greater coverage and reduced exposure in your risk management plan, make sure you can recover from the unthinkable.
Over and above technology and security, this is aimed at good governance, best of breed practices, quality assurance and quality control.