During financial crises, I often hear about businesses prioritizing cost-cutting measures to keep their operations afloat. Those tightening purse strings can have a serious impact, forcing businesses to look for savings wherever there might be a corner to cut.
A company’s cybersecurity expenses can be a tempting target, since the effect of cuts may not even be noticed… at least until something goes wrong. When a data breach or a cyberattack occurs, those “invisible” security cuts can have disastrous results, exposing both the company’s reputation and its bottom line to significant risk.
Compromising your cybersecurity is never the best idea. Today I’ll share practical tips for implementing robust cybersecurity measures on a budget, supported by examples and statistics.
A Brief Look at Cyber Threats Data From the Last Crisis
Without dwelling too much on what happened in 2020, looking at that year’s data can tell us a lot about the cyber threat landscape for professional services businesses.
- According to Verizon’s 2020 Data Breach Investigations Report, there were a total of 3,950 confirmed data breaches in 2019, an indicator of the ongoing threat landscape that businesses face.
- The Ponemon Institute’s 2020 Cost of a Data Breach Report found that $3.86 million was the average amount of direct loss incurred by a company whose data was breached, a reminder of the potential financial impact of cyberattacks on businesses.
- A study conducted by CybSafe in 2019 found that human error accounted for 90% of data breaches, which highlights the importance of employee training and the fostering of a strong cybersecurity culture within organizations.
- According to a 2018 report by the Center for Strategic and International Studies (CSIS) and McAfee, cybercrime costs the global economy approximately $600 billion, or 0.8% of global GDP, a demonstration of the far-reaching consequences of cyber threats.
- In their 2019 Official Annual Cybercrime Report, Cybersecurity Ventures pegged worldwide business losses to cybercrime at $3 trillion in 2015, and forecast that those numbers would double by 2021, an indicator of the rapid growth and potential impact of cyberattacks on businesses of all sizes.
That is just a sampling, but one thing that data makes clear is the importance of taking proactive precautions to protect your critical data.
So, what steps can you take to protect your data?
Assess Your Current Security Posture
An accurate assessment of your current security posture is an important first step when considering new cybersecurity measures. As you identify potential vulnerabilities in your IT infrastructure and evaluate the effectiveness of your existing cybersecurity measures, obvious priorities and areas where improvement is required will likely emerge.
Implement Robust Cybersecurity Measures… On a Budget
Once you’ve assessed your current security posture, it’s time to prioritize and implement cybersecurity measures. Here are some tips for achieving robust security on a budget:
1. Prioritize Critical Security Controls
The Center for Internet Security (CIS) has developed a list of 18 Critical Security Controls, which are prioritized and vetted by cybersecurity experts. Start by focusing on the top five, which can go a long way toward preventing up to 85% of cyberattacks, according to the CIS. Your priority list should start with:
- Maintaining inventory and control of hardware assets
- Maintaining inventory and control of software assets
- Ongoing assessment and management of vulnerabilities
- Controlling use of administrative privileges
- Securing configurations for hardware and software
Implementing these critical controls will be a significant part of any effective security plan, and most importantly they can be implemented without breaking the bank.
2. Leverage Cost-Effective Tools and Services
There are numerous cost-effective or even free cybersecurity tools available to help you strengthen your security without incurring significant expenses.
Managed services are the optimal choice for enterprise-level security at a price point that is much more affordable than employing an in-house team. Unfortunately, although many managed service providers (MSPs) offer flexible plans, allowing you to select the services you think you need, they don’t always provide the response and expertise that give you assurance that all measures are being taken to safeguard your data.
3. Develop a Strong Cybersecurity Culture Within Your Organization
As the CybSafe study that found human error to be responsible for 90% of data breaches in 2019 makes clear, your employees are always your first line of defense against cyber threats. Providing cybersecurity awareness training and encouraging the adoption of best practices, such as creating strong passwords, avoiding phishing scams, and reporting suspicious activities, can help create a security-conscious culture within your company.
Regularly Monitor and Plan Incident Response
Continuous monitoring of your IT environment is a critical component of any plan for detecting threats and responding to them promptly. Install network monitoring tools to watch your systems and network traffic for any anomalies or suspicious activities.
There is a wide range of Security Information and Event Management (SIEM) tools currently available that can help you monitor, detect, and respond to security incidents in real time. For more affordable alternatives to commercial SIEM tools, investigate open-source options like OSSEC, a host-based intrusion detection system, and Snort, a network intrusion detection system.
The development of an incident response plan is another crucial aspect of a robust cybersecurity strategy. An effective plan should outline the steps to be taken during a security incident, the roles and responsibilities of team members, and the communication protocols that should be established.
Speed is of the essence when dealing with security incidents: the faster the response, the lower the potential damage and cost. According to the Ponemon Institute’s 2020 Cost of a Data Breach Report, companies that had an incident response team and tested their plans regularly saved an average of $2 million per breach compared to those without a plan in place.
As you can see, the level of prioritization that should be given to cybersecurity investments does not decline during periods of financial downturn. A solid case can be made that it actually increases.
By assessing your current security posture, implementing robust cybersecurity measures on a budget, and regularly monitoring and planning for incidents, you can safeguard your business from potential threats, protect sensitive data, and maintain compliance with industry regulations.
Thankfully, by prioritizing the most critical security controls, leveraging cost-effective tools and services, and fostering a strong cybersecurity culture within your organization, many risks can be mitigated without breaking the bank. And as your company navigates through uncertain financial times, you’ll have the security of knowing that the steps that have been taken to protect your data will position your company well both now and in the future.
Download our free guide on staying protected from ransomware.