Security Awareness & Training for Small Business

While it’s the attacks on well-known companies that make the headlines, the threat is just as worrying for small businesses. The problem is made worse by many small business owners not believing they’ll be attacked and treating cybersecurity as a lower priority than other business issues. In reality, small businesses are seen as a soft target for cybercriminals and an easier way of getting to the criminals’ bigger target: the small business’s corporate customers.

The financial cost of disruption and reputational damage, leading to customer loss, can be so severe it could threaten a business’s existence. This makes it even more surprising that many haven’t made cybersecurity part of their day-to-day business operations.

However, even those that understand its importance claim that protection is expensive (hiring the right technical skills and buying expensive training programs) and that the whole subject is complicated and difficult to understand. Most will deploy basic tech tools such as firewalls and antivirus programs, but these aren’t necessarily much good: the most common threat for small businesses is their employees being targeted by attacks like phishing, ransomware, watering holes and drive-by downloads. The best way to address those is through regular awareness and training activities.

Fortunately, a lot can be done at low cost. Here are five tips for keeping your small business secure.

Appoint an Awareness Champion

Find someone inside the business who can take the lead on issuing awareness communications and delivering or coordinating basic training. They’ll only need to spend a few hours a week on it, little enough time to fit around their normal activities.

Using an insider also means you know and trust them, they know your business, and they’re already on the payroll and accounted for in the business plan.

Make Use of Free Resources

There’s a huge amount of free ...

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Brian Hickey. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/XKj2le83t_E/