Small businesses are “unprepared or poorly prepared for a cyberattack” according to 75% of the 307 insurance and risk management advisors surveyed through the Advisen and Experian 2017 Cyber Risk Preparedness and Response Survey. Unfortunately, no organization is immune to cyberthreats. These days, most companies should have some basic form of cybersecurity program in place. If yours doesn’t, or if you need a refresher, here are four steps you can take to establish a stronger foundation.
Step 1: Create a Comprehensive Set of Cybersecurity Policies
What resources does your organization have that are at risk? Think beyond the obvious. On-site computer systems, laptops, tablets and mobile phones are immediate suspects, but bring-your-own-device (BYOD) equipment and wearable technology such as smartwatches can also be compromised. Determine what controls you need in place to ensure information is kept secure. Set your rules for communicating, working with, copying and distributing sensitive data. Document those rules and make sure everyone in the organization receives a copy. Necessary policies typically include an IT policy, an information security program (including a risk assessment), an employee acceptable usage policy, a business continuity and disaster recovery plan, and an incident response plan.