Information security governance for small businesses

August 16, 2020

Key Statistics

43% of cyber-attacks target small business.
62 % of  businesses experienced phishing and social engineering attacks in 2018

Supply chain attacks are up 78% in 2019

94% of malware was delivered by email

Prove yourself.

Small business are increasingly being asked by customers to prove that they manage their Information security well and are compliant with all the relevant regulations.

If you’re unable to do it you will find that your bottom line is adversely affected.

Until recently your only options to do this were either bring in a highly paid consultants or dedicate considerable internal resources to the task and then do it all again next year.

There is a lot at stake with two-thirds (66%) of small and medium-sized businesses suffering catastrophic consequences and possibly having to close their doors after a breach. In fact within six months of  a cyber attack occurring, 60% of small companies go out of business.

What should you care about

There are things that you can do yourself to improve your information security. Start with these low cost measures and start building your cyber resilience.

Education &Training

Provide IT security training for all your employees as the vast majority of employees would never knowingly harm your business. You can also include your policies and processes into your training program.  The Keeper Security/Ponemon Institute’s small and medium size businesses report shows the number of SMBs reporting negligent employees and contractors as the cause of data breaches increased to 60% in 2018 — whereas external threats (hackers) were reported as 37% of the causes.   

Access and ID management

Have a person in your organisation who administers access to the various systems and information. Access should only be granted to an employee who has a work requirement to see or use the data. Accounts and access should be shut down the minute an employee moves on or changes role and no longer requires access to it to do their job. Password strength should be strong and should be changed every 3-4 months. Lastly passwords should never be shared with colleagues or kept on a post-it note!!! 

Human Resource Security

No matter how perfect their CV is or how well you connected during the interview process never forgo a formal background check.
Ensure you train new staff in how to access your business systems and manage information assets according to your organisations policies.

Learn More About InfoSecAssure for Small Business

Find out the great features of InfoSecAssure and how it can help you on your journey.

Secure your business.
Today is the day to build the business of your dreams. Let us help you secure your assets without blowing your budget — and focus on the things that count!