As we have discussed in previous articles, cybercriminals are increasingly targeting SMBs. The main reason for this focus is that SMBs don’t think they are an attractive target and typically do less to protect their data proactively. However, this mindset is not only obsolete, it can be perilous. Cybersecurity experts recommend that small to medium-sized businesses not only begin to take cybercrime more seriously but that the C-suite unite around the cause. For this to happen, every executive team member has to become more educated as to the need for this type of security planning.
In a perfect world, hiring a CISO (chief information security officer) to take charge of information and data security would be a gigantic step in the right direction for any organization. For companies that cannot afford such talent, there are offsite virtual CISOs (vCISOs) whose services are comprehensive yet more affordable. In the future, cybersecurity professionals should play an integrated role with the C-suite and provide ongoing influence on business decisions – rather than simply sticking to their usual segmented role in the data center.
However, the world is not perfect. Most SMBs can’t or won’t hire a CISO, especially at an executive level. Most executives don’t understand the risks of cybercrime or the rewards of budgeting for such an effort. Unfortunately, unless an attack occurs, it isn’t easy to convince them of the need. Still, here are some ways that could help to make the case.
- Use concrete examples based on actual incidents. Find an example of a similar company that experienced a ransomware attack and relate the costs incurred in productivity and revenue.
- Discuss how a shutdown of your business will affect your reputation, your brand, and your future business.
- Calculate how much will be lost – both tangibly and intangibly – and put that up against the cost of putting a cybersecurity plan in place. If a ransomware attack occurs, it could cost hundreds of thousands of dollars to regain access to data, making the hiring of a CISO seem like a bargain.
How a C-Suite Security Mindset Looks
All business relies on technology these days, yet many business leaders lack the training to understand the possibly catastrophic implications of weak security procedures. A CISO or vCISO bridges that gap and keeps the executive-level team communicating with the tech team, relaying their concerns. Collaboration is vital to the success of such an arrangement.
“A CISO should be working closely with whoever has the most stake in a company,” says Mindsight cybersecurity expert Mishaal Khan. “In many cases, it’s the CEO, but it could also be the CFO as well as a board of directors. Cybersecurity isn’t just an IT problem; it’s an organization-wide issue that requires executive-level decisions. That’s why CISOs should be in an executive role.”
One way to incorporate a CISO in a small business structure is to work with a managed services firm. Managed service providers support your IT team, provide cybersecurity oversight, manage network operations, and provide the knowledge needed to protect your company best.
If you are an IT professional who needs help articulating the need for more security initiatives in your company, call Alliance IT. We can consult with you and your team to perform a risk analysis or provide information on managed services for your organization.