Why Your Business Needs a Cybersecurity Plan – and How to Do It
Home 9 Data Security 9 Why Your Business Needs a Cybersecurity Plan – and How to Do It

A Cybersecurity Plan Can Help Defend Your Business Against a Cyberattack

Cyberattacks are on the rise and know no boundaries. A single cyberattack can cost a business hundreds of thousands to millions of dollars, depending upon your size, compliance requirements, and the extent of the breach. This includes lost revenues, remediation costs, compliance penalties, and unforeseen legal complications. Not to mention, a data breach will likely result in a tarnished reputation, which can have long-term effects. Developing a written cybersecurity plan is something every business should consider.

63% of small and medium-sized enterprises experienced a data breach in 2019, and more than 4.1 billion records are exposed every year. Thanks to the COVID-19 pandemic and the sudden transformation to a remote work culture, these numbers are rising quickly. In 2021, it’s expected that a cyberattack incident will occur every 11 seconds (nearly twice the rate seen in 2019)!

A properly written cybersecurity plan will ensure networks are secure, sensitive data is protected, and cybercriminals are kept out.

Six Steps to Help You Develop A Written Cybersecurity Plan

Step 1: Identify Your Company’s Sensitive Data

Begin by identifying all the data points you need to protect, such as employee social security numbers and payroll information, customer data, credit card information, and company secrets (i.e., proprietary formulations and patents). Create a visual representation of every category and every location where copies are stored. Note whether each location is encrypted, backed up, secured behind your firewall, or saved in an unsecured place (such as the local drive of an employee’s desktop/laptop, or an unsecured external drive).

Step 2: Define Who Can Have Access to the Data

It’s important to define who can have access to which data, and what level of permissions each person has. For example, an employee may need to see certain data, but perhaps they are not authorized to edit or delete that data. In other cases, there may be entire directories or folders that simply do not apply to a person’s role, and therefore should be locked down as a security measure.

Step 3: Protect All of It

Once you have identified everything that needs to be secured, determine what steps are required to protect them. For example, some of the security services we include in our Managed Security Service package includes:

  • Managed Antivirus
  • Patch Management
  • DNS Perimeter Security
  • Email Security and Encryption
  • Disk Encryption
  • Firewall with Unified Threat Management
  • Managed Backups
  • And more

Step 4: Create a Detection and Alert System

Set up a system that will alert you if an incident occurs, including the ability for employees to report problems. For example, ACT uses a Security Operations Center (SOC) and Security Information and Event Management (SIEM) tools to manage risk through ongoing monitoring and detection and alert the proper specialists so they can provide remediation.

The SOC team is comprised of trained security specialists and security engineers. Their job is to analyze data, assess risk, and remedy any vulnerabilities that may exist. The SIEM tools aggregate data, monitor activity, detect abnormalities and vulnerabilities, and alert the SOC team to problems. Together, a SOC/SIEM solution offers a powerful detection and alert system.

Step 5: Develop a Response Plan

Once a breach is detected, an immediate response is necessary. Ensure everyone knows their role by documenting who does what and when. Your first steps will be to contain the attack, shut down the entry point, and restore business operations.

Step 6: Develop a Recovery Plan

Once business operations are restored, it is time to assess the damage. Determine what, if anything, was lost or stolen. Find out what legal obligations you have to customers, vendors, and board members to communicate the breach. Then begin identifying how the breach happened and how you can prevent it from happening again.

In Conclusion

Developing a cybersecurity plan is just the beginning. It maps out what you need to do to protect your network and data adequately. But like most things, the devil is in the details, and implementing a comprehensive security solution can be a daunting task.

If you have questions about any of the above steps or would like to learn more about ACT’s Managed Security Service offering, don’t hesitate to contact us.

Recent Posts

Custom Solution Drastically Improves Workflow for Spinal Group

The Client and Their Challenge A fast-paced, specialized spinal surgery practice with more than 18 locations throughout New Jersey, New York and Florida, had a critical need to access patient images 24 hours a day, 7 days a week, 365 days a year. Their inability to do...

How ACT Helped a Large Orthopedic Group In New Jersey

We were contacted by the Practice Administrator of a large Orthopedic group in Central New Jersey. An industry expert referred us to her because the practice was using a PACS system at one of their sites and it was slowing their network down dramatically. The...

Custom Solution Rescues New Jersey CPA Firm from Ransomware Breach

The Client and Their Challenge Late in the day on a Friday afternoon, ACT was contacted by the Operations Manager of a mid-sized NJ CPA firm. The firm’s network was breached, and they were a victim of ransomware. To complicate matters, their internal IT person...

5 Benefits of Cloud Computing

Cloud computing has been around for decades, but change can be scary for many business owners. An International Data Group study says 69% of businesses already use Cloud technology in some capacity, and 18% say they plan to implement Cloud computing solutions in the...

12 Key Questions to Ask Your Cloud Service Provider Before You Sign

Choosing to migrate your business’s data and applications to the Cloud is not an issue to consider lightly. It is, however, a decision that typically saves companies money, improves their security, and increases productivity. Selecting the right Cloud Service...

What We Do

Managed IT Services

Learn More

Cloud Computing

Learn More

Backup & Disaster Recovery

Learn More

Network Services & Support

Learn More

Security Solutions

Learn More

Co-Managed IT

Learn More

Improve and grow your business with a smarter IT solution.