What do you think are the most important things for a small business owner to know about security?
Even if you outsource functions, you are still responsible for your and your customers’ data. Don’t assume any provider you use is secure. Make sure you understand your risks and their impact. The biggest bang for the buck will be to do a security assessment and write a set of security policies specific to your business. Don’t buy security products without a specific requirement derived from your own security policies. For security frameworks, CIS20 is the easiest to follow but you may fall under a specific framework for compliance in your industry.
What systems of a small business should be the most secure? (Where is security needed most?)
Your customers’ data usually carries the most business risk for an SMB so place your highest priority on keeping it safe. Operationally, it’s ransomware that is your highest risk and so consider which systems you cannot live without for a day and prioritize those.
Is security as affordable now for small businesses as it is for Fortune 500s?
No, it isn’t. Costs are going up for both, but Fortune 500 has already been doing many things small businesses are just starting to do, like get a real firewall and collect and analyze their log data.
Do you have any advice on security measures for small businesses to take advantage of?
Don’t be afraid to write policies and keep updating them at least annually. You’d be amazed how much you realize you can do and how much money you’ve wasted on products once you use your own policy as a guide. It’s a little like doing your own taxes. It’s tedious but inexpensive and provides insights.