
Cybersecurity for Small Businesses: Cyber Hygiene

Cyber-crime is a growing concern for businesses of every size, but especially for small businesses. This is because small businesses have information attackers want but often don’t have the security infrastructure to defend against or respond to attacks. Top risks for small businesses include malware, viruses, ransomware, and phishing. According to the FBI Internet Crime Report, the cost of cyber-crime was $2.7 billion in 2018, with Business Email Compromise (BEC) incurring the highest costs.

So where should small businesses start with cybersecurity? One excellent place to start is cyber hygiene. The Center for Internet Security (CIS) defines cyber hygiene as the essential and fundamental protections that should be put in place to protect against common attacks. These security controls comprise the first six parts of version 7 of the CIS Controls:

  1. Inventory and Control of Hardware Assets
  2. Inventory and Control of Software Assets
  3. Continuous Vulnerability Management
  4. Controlled Use of Administrative Privileges
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  6. Maintenance, Monitoring, and Analysis of Audit Logs

Many small businesses will have limited resources to implement the sub-controls in each control and will therefore fall into Implementation Group 1. By focusing on fundamental security controls, with recommendations tailored to implementation groups based on resource availability and the sensitivity of their data, a small business can get an excellent start on improving its security posture. One of the strengths of the CIS Controls is the guidance they provide on getting the greatest risk reduction possible given the resources available.

Many other tools and resources are available, such as the Department of Homeland Security’s free cyber-hygiene vulnerability scanning for small businesses. CIS itself offers many tools and resources, including benchmarks for securing specific systems, a risk assessment methodology, a mapping of the CIS Controls to the NIST Cybersecurity Framework, and hardened operating system images. In the ever-changing world of technology, it can be hard to keep up with new threats. The good news is that a small business can greatly reduce risk by focusing its efforts where it counts.

featured image “cyber” is licensed under CC0 1.0

 
