Sunday, April 17, 2022

A Great Security Model For SMBs: What Is It?

 


The Security Model

It is important to protect your business from the Cyber attacker of today. The question often gets asked: “Well, how do I do it? How do I protect my business?” There is no easy answer to this, as each organization will have different needs. But one thing is for sure: you can implement, to the best of your ability, a great security model, which can be defined as follows:

Technology + Human Vigilance = Good Security

The Technology Component

In terms of technology, this means that you, as a business owner, are doing everything you can to make sure you have the proper tools and devices in place. This includes setting up and deploying firewalls, routers, network intrusion devices, etc. This also means implementing Two Factor Authentication on all of the company-issued wireless devices that you give out to your employees.

One issue that is bound to cross your mind is cost. You are probably thinking to yourself: “This is going to cost me a lot of money, and I can’t afford it”. Every small business is on a budget, and most probably cannot afford the latest and greatest security tools that come out. But the key aspect you have to remember is that you do not have to have the latest and greatest.

You can use security tools that are a few years old (but not too old, like 6+ years). They can still provide a good means of defense, but the key is that they have to be maintained and fine-tuned on a regular basis.

This means making sure that all of your servers, workstations, and wireless devices have the latest security patches and upgrades installed. It also means regularly testing your network security devices to confirm that they are doing the job that they are supposed to be doing.

However, keep in mind that if you do not have an IT department per se, you can always outsource this function to a third-party vendor (but once again, you need to be careful in this aspect as well – this topic will be covered in a future blog).

The Human Vigilance Component

This component of the Security Model is harder to accomplish than the Technological one. The reason for this is that it involves changing your own mindset, as well as your employees', toward keeping a constant “guards up” attitude. In other words, this part requires a huge psychological shift in thinking and attitude.

However, in order to expect your employees to have a proactive mindset, you, as the business owner, have to take the lead. The first step in this process is to craft a Security Policy which meets the needs of your business. One of our previous blogs covered some of the important components of a good Security Policy, and that would be a good reference point to start from.

After you have written and implemented it, you can then create a little Infographic covering the highlights of your Security Policy.  You can then give this out to your employees so that they can be constantly aware of what they need to do to keep things safe.

Second, in order to help foster this proactive mindset, it is imperative that you have training sessions with your employees on at least a quarterly basis. These training sessions do not have to be formal. Rather, you should conduct them in a relaxed and fun atmosphere, such as a Lunch and Learn.

Third, after you have instilled into your employees what your expectations are, you then need to empower them to be the Security advocates for your business. You may be wondering: how can this be accomplished?

One of the best ways to do this is to establish an open line of communication with them, in which they can speak both freely and directly. If they see something out there that they feel could be a Security threat, then they should have the means to tell you directly.

Also, if they witness any insider Security threats from within your business, they should be able to report that information to you in a confidential manner. Perhaps even try to “gamify” your Security approach. For instance, you can create quarterly contests in which your employees can contribute their own ideas on how to make your business more secure. The employee with the most votes will win a prize, such as a gift card, or something similar.

Conclusions

Overall, this blog has reviewed what it takes to make your business as fortified as possible, using the Security model provided. Remember, it takes both technology and a strong human mindset to thwart the Cyber attacker of today. You just can’t rely on one component or the other; you need them both in equal amounts.
