Anyone who has a small to medium-sized business has “an” IT plan, but per a recent study, only 14% of them rate their own cybersecurity plans as “effective.” This is alarming when you consider that 43% of small businesses are targeted by cyberattacks. It’s like having a rowboat with leaking life vests because you don’t really believe your boat can sink; only yachts sink, right?
Patch up those floaties, it’s going to be a long ride. You don’t want to be one of the 60% of small businesses that have to close their doors forever following a single cyberattack.
Let’s look at your cybersecurity plan. Does it have the elements you need to keep floating, or will one mistake send you to the bottom of the lake?
How Solid is Your Cybersecurity Plan for Meeting Compliancy Issues?
In case you missed it, compliancy is kind of a big deal these days. Governmental regulatory standards are tightening as they hold businesses accountable for client privacy.
If you are found to be in violation of these industry standards, you are looking at stiff fines and lawsuits. Many of these violations can be avoided by proving you have your business’ data secured under an effective cybersecurity plan.
The health agency has more hoops than other agencies, with rules ranging from HIPAA to the HITECH Act.
Meanwhile, law firms answer to the BAR association, and financial institutions face the BSA AML, FACTA and the GLBA.
These are all before you even factor in state regulations and good common-sense best practices. If you don’t understand the regulations governing your small to medium-sized business, you may need to hire a professional who does. When it comes to compliance issues, what you don’t know will hurt you.
Documenting Your IT Plan is More Important Than You Realize
It’s not enough to buy some boxed anti-virus software and call it a day. You need to have your complete cybersecurity strategy documented. If a governmental agency randomly chose your office for an IT audit ensuring compliancy, how can you prove that you are taking the necessary steps? Ask the Michigan Department of Technology, Management and Budget about getting on a governmental agency’s radar; the resulting violations were the stuff of “How Not to Create a Cybersecurity Plan” textbooks.
In addition to documenting the plan itself, document your backup and recovery plans and your Business Continuity Plan as well, and document all routine testing. Like those life vests stored under your boat’s seat, you don’t want to wait until you’re sinking to find out how leaky they really are.
How Solid is Your IT Plan for Remote Workers?
It’s a pretty good bet that at least some of your remote workers will continue to work remotely now. How are their devices secured? Are you providing them the tools they need to protect your network like email safety rules, an Acceptable Use Policy, and cybersecurity awareness training?
Are your password requirements strong enough, and do they discourage the repetition of passwords? Do you require a multifactor log-in process for an added layer of security?
Your remote workers are a special “breed” of vulnerability. They tend to be laxer about security, log into unsecured Wi Fi networks, allow family and friends to use their devices, “cheat” on passwords, remain logged in, store files directly to their PC’s, and other risky practices.
Using a VPN and switching to cloud services is a good start for beefing up your cybersecurity strategies when working remotely.
Speaking of Documentation, Do You Have Clear Written Policies for Employees?
Your employees are your first line of defense. Cybersecurity rests at their fingertips. Do they know that using email for personal reasons or using personal devices may expose your network?
Having clearly defined policies such as BYOD policies, remote workforce guidelines, and Acceptable Use Policies will protect you network and your reputation.
It’s important to keep signed policies in employee files. If the unthinkable happens and an employee accidentally launches malware into your network, having a signed policy in place:
- Helps prove to regulatory agencies that you took appropriate actions to avoid the breach
- Closes loopholes from cyber risk insurance companies looking for a way to get out of paying your claim
- May help limit monetary damages for lawsuits by proving that you took reasonable precautions prior to the breach
Employee policies should be renewed as your office tech changes and made a part of your new employee onboarding process.
Some things covered in these policies would include who, what, when, where, and how:
- Who has access to devices?
- What are the permissions required for the user to perform their job?
- When can a user use a personal device rather than a work issued device?
- Where is it appropriate for the employee to use the device? (secured Wi Fi access spots only, for instance)
- How is the device secured to protect your network?
Iconic IT Can Help
Iconic IT doesn’t believe in skimping on coverage for our clients. Unlike most MSPs that offer bare-bones services, we have plans as vast as the national parks they are named after. To us, anything else is underserving. We give you have the guidance and supplies you need, like a park ranger helping you through the forests and mountains of your IT issues and needs.
Iconic IT specializes in helping small to medium-sized businesses, just like yours, answer the question “How solid is your IT plan?” It all starts with a free consultation, including a dark web scan, to evaluate your plan’s strengths and weaknesses.
Let Iconic IT give you the answers you need to get started on solidifying your IT plan.