
Risk Management Series: Developing Your Small Business Risk Management Plan

By Angela Murphy, Chief Operating Officer of Sontiq.
Sontiq is a BBB of Greater Maryland partner and we thank them for sponsoring this information.
Setting a high security standard is critical for any small business to protect its employees, customers, and essential data. A cybersecurity policy encompasses the actions, resources, and responsibilities necessary to safeguard your company from ever-increasing vulnerabilities or a data breach disaster. The likelihood of a company, big or small, facing a security incident has increased, and an estimated one in three organizations will fall victim in the next two years. Small businesses also often misjudge just how much a breach may cost them, anticipating only $10,000 when in reality the average cost for a small business is $149,000, an amount that may be insurmountable for most, leading to 60% of SMBs closing their doors within six months of a security breach.
We place significant importance on mobile security when crafting cybersecurity policies because of the inherent risk from mobile devices introduced to an organization’s network by employees, or anyone else who may be using a personal device for business purposes. Cybersecurity professionals rank mobile devices as the #1 hardest asset to defend. And, according to IDG, 74% of IT leaders globally report their organization has experienced a data breach due to a mobile security issue.
In the last installment of this three-part series, we examine the steps every small business should take to guard against cyber threats with effective risk management strategies.
Ensure You Have an Up-To-Date Security Policy
An information security policy is a guideline for how your critical business information should be handled on a day-to-day basis and during instances of data vulnerability. It may seem overwhelming to create or update your policy if you don’t have an IT expert on hand. However, there are six areas that can get you started today in developing your own policy so that you can take control.
- Device Differences | Outline and recognize the differences in protecting personal and company-issued devices and how those standards differ. Keep track of what’s required to ensure all data is safeguarded, regardless of access point.
- What’s Acceptable | Design your company’s policies around how employees interact with business-owned property, such as laptops, customer files, Wi-Fi networks, and company email, especially from mobile devices.
- Document Safety | Decide where sensitive business documents should be stored, who has access to them, and who is responsible for overseeing this information.
- Password Standards | Develop a cadence for when passwords should be updated and provide regular reminders to employees.
- Network Expectations | Install a secure, password-protected Wi-Fi network for your employees, and a separate network for your clients and guests.
- Breach Preparedness | Create a breach response plan to mitigate the cost and impact a breach may have on your business.
Implement New Policy and Train Your Staff
Cybercriminals will always attempt to bypass your security systems by targeting your employees. Your employees must be trained to take the appropriate actions when facing a phishing email, updating devices, accessing information outside the office, or handling a data breach. Small business owners cite employee negligence, such as human error and accidental loss, as the root cause of 71 percent of SMB data breaches, according to the latest Shred-it State of the Industry Report.
Put your policy into action with regular training and testing. Every employee should have a role in the security of your company to ensure no vulnerabilities are left exposed and no safeguards are left to chance.
5 Tips to Protect Your Small Business
- Prohibit the use of Public Wi-Fi. Accessing business documents over an unsecured network gives attackers an opportunity to intercept sensitive information. Employees who use personal devices for work should be especially careful to connect only through approved Wi-Fi networks.
- Test Your Employees. Conduct quarterly tests to gauge the effectiveness of your cybersecurity policy and identify areas for improvement.
- Promote Security Awareness. Reinforce the idea that business security is everyone’s business by implementing a form of “See Something, Say Something” related to malicious activity, such as phishing emails, imposter scams, and internal or occupational fraud. Share educational resources with employees, such as those found at BBB.org and FightingIdentityCrimes.com.
- Invest in Business Identity Protection. Safeguard your company from the devastating repercussions of a potential cyber threat or data breach, while also protecting your employees’ identities.
- Stay Security Minded. Cyber threats are present year-round and protecting your business from these thieves should be as well. Evaluate and evolve your risk management plan to combat new threats as they emerge.
With the actionable steps provided throughout our three-part Risk Management series, your small business should be ready to combat internal and external threats, and should have the knowledge to protect against cyber threats, with the confidence that your organization, employees, and reputation are secure.