Cyber on a budget: from zero to fully secure

Darren Guccione at Keeper Security explains how SMEs on a tight budget can navigate the “Cyber-security Poverty Line”

 

In a digital landscape teeming with cyber-threats, organisations operating below the so-called “cyber-security poverty line,” face a unique set of challenges.

 

This cyber-security poverty line is frequently defined as the line between organisations that have the capability for a mature cyber-security framework and those that do not. It is often the case that this line looks different for every organisation.

 

For example, a storefront that takes card payments will have different requirements for maturity than a global, industrial enterprise operating major networking systems.

 

Additionally, it is not always only small and mid-size enterprises (SMEs) found below this line. Large organisations that have operations on the less-technological side may lack the know-how or inclination to adopt a mature cyber-security architecture, regardless of available resources.

 

However, it is true that SMEs are more at risk of falling below this line, due to being resource-constrained, unexpected global changes like the shift to a remote work environment due to the pandemic, or simply, a lack of education.

 

With hundreds of cyber-security solutions available, it can be difficult for organisations that are already struggling to make ends meet to make cyber-security a priority. But it is incredibly important that they find a way to do so, as lack of cyber-protection means threat actors can take advantage of these weaknesses to inflict irreparable harm.

 

So, what is the solution for SMEs and other organisations on a budget, struggling to make cyber-security a priority? The answer: be scrappy. Focus on the biggest risk factors and measures that will make the most impact.

 

Here are some ways that organisations can increase their cyber-security protections with limited resources.

 

Passwords. Having strong passwords is one of the most understated measures that can be taken to protect the data of an organisation. Employees and customers should both have strong and secure passwords that will prevent hackers from making their way into critical systems through common attack vectors such as brute force or password spraying.

 

A dedicated password manager is also an affordable and highly-secure solution to generate and store various work and supply-chain passwords, while also providing the ability to securely share them both internally within teams and externally with clients or contractors.

 

Encourage caution for remote workers. With the pandemic, many organisations were thrust into remote working environments where the security was shifted off-premises. With employees using personal devices and at-home Wi-Fi, the cyber-risk to digital business assets suddenly skyrocketed. For organisations with remote workers, it is important to remind them to always secure their emails, to avoid using free public Wi-Fi and to use a VPN when and wherever possible.

 

Multi-factor authentication. One easy step organisations can take on a shoestring budget is to implement MFA for work information protection and educate employees about why it is important. This additional step to authenticate an account is a proven method to prevent account takeovers. The few seconds of delay in accessing an account is worth preventing hackers from gaining access.

 

Security awareness and culture. One of the major problems with implementing new security measures in an organisation, no matter how small the measures are, is the resistance that might come from employees. For example, if MFA is suddenly required, employees may find it cumbersome. This is an example of poor security culture, which can be easily remedied.

 

It is highly important to foster a positive security culture within every organisation, meaning that all employees across the business know their part in the security scheme and will influence one another to uphold security best practices. This starts from the top-down. As CEO or founder of an organisation, begin to foster security awareness and lead by example to demonstrate why these security practices are critical.

 

Beware of social engineering. From security awareness training and a positive security culture comes an enterprise-wide knowledge of what email links and attachments are suspicious and may be phishing attempts. One of the most common points of entry for hackers in organisations of all sizes is stolen credentials through social engineering. Organisations can prevent this by teaching the security best practices mentioned above.

 

Update, update, update. If software is not updated in a timely manner, the risk of being hacked increases significantly. Bad actors can take easy advantage of unpatched or old software that is not being properly cared for. Define which systems or software are critical and ensure there is a plan in place for updates. Most will alert that there are patches or updates available; do not ignore these.

 

Free resources. Luckily, not everything in cyber-security needs to be costly. In fact, there are plenty of free resources out there, such as guidance from the NCSC in the UK. Organisations on a budget should certainly take advantage of these free resources to gain the best understanding of how to secure their data and systems without having to spend even a little bit.

 

You don’t need an IT team

When looking into cyber-security solutions, it may be daunting for a small or resource-strapped organisation to afford the cost of an IT team. But this doesn’t have to be the only solution.

 

Indeed, businesses can and should implement security solutions that do not need to be managed by IT professionals. This will save time, money and will let organisations themselves get better acquainted with the risks facing their own systems.

 

Above all, get to know your systems

While being below the cyber-security poverty line can seem like an unenviable position to be in, it presents an opportunity for organisations to truly get to know their networks, data, systems and risks.

 

By identifying the major risks affecting the organisation, strategic solutions can then be applied so the cyber-security poverty line is no longer an obstacle to overcome.

 

---

 

Darren Guccione is CEO and Co-founder of Keeper Security

 

Main image courtesy of iStockPhoto.com