Prioritizing Cyber Network Security in Your Business

A few things are grabbing my attention this week. The first being that the tax extension deadline has passed. That’s a big relief for my office, and perhaps for yours too.

I’m continuing to avidly watch, as I’m sure you are too, the unfolding events in Gaza. Though Biden issued a back-channel warning to Iran about not joining in the conflict, the possibility of a larger scale war looms. Economically, that affects gas prices and other factors of the global economy. Then there’s the national budget deadline and the Congress’s gridlock over finalizing it.

It’s more important than ever to keep your business doings sharp right now.

I’ll be here to keep you informed on how bigger happenings will affect your business… and to help you thrive through it.

All of these headlines probably dominated your attention, and rightfully so, but there’s something else happening in October to give attention to: Cybersecurity Awareness Month. That might make your stomach twist, thinking through all you need to be prepared for within a budget. It can be daunting to know where to allocate funds for a pressing need that is so frequently changing and developing.

Because my office handles so much sensitive data, you better believe this is something we monitor and update systematically.

Business spending for cyber network security is up 70 percent over the past four years, though that number has started trending downward and recent security company layoffs confirm this.

But recently issued SEC rules regarding the reporting of data breaches by public companies (more on that shortly) reemphasizes the importance of regularly addressing our own cyber network security measures as business owners.

So let’s talk about budget building for your cyber network security plan.

Prioritizing Cyber Network Security in Your Business
“The best investment you can make is in yourself.” ― Warren Buffett

There are new rules from the SEC regarding the reporting of data security breaches that go into effect December 15, 2023. While those rules primarily target public companies, small and private companies should know what’s being required as they review their own cyber network security measures, especially since the SEC has shown a willingness to extend its regulatory reach to private companies when it comes to cybersecurity.

Basically, companies need to assume that they might face real cyber network security threats and breaches. And when they do, they have to tell the SEC about it within four business days if it’s a significant incident. Plus, U.S.-listed companies also have to share information about how they handle cybersecurity in their yearly reports.

With all of this in mind, let’s discuss how to build a cyber network security budget for your Coastal Southeastern NC business.

Making a budget

When building (or assessing) a budget, know that there are three basic areas that drive the needle: software and hardware, ongoing security services, and in-house training for employees.

Of course you want top-notch protection for all your important stuff, but the reality is that you probably can’t afford it all. This is why budget planning is so crucial – it decides how much you can spend and where you should spend it.

Here’s a simple exercise: First, make a list of all your important assets. Then, think about how vulnerable each of them is to potential threats. In other words, figure out which assets are more likely to be a security risk.

Assets that are both high-risk and critical to business operations should get the lion’s share of your cyber network security budget. On the flip side, if something is low-risk and not that critical, you can allocate less money to protect it because the chance of a cyberattack is lower there.

And don’t forget a line item for incident response and recovery.

Factoring actual costs

Cybersecurity costs can vary a lot, and here’s why:

  • Size and complexity: Bigger and more complex organizations need more resources to protect themselves.
  • Risk level: If a company is at higher risk of a security breach, they’ll need to spend more to stay safe. How often and what type of security incidents a company faces can also affect costs.
  • The cloud: If a company uses cloud services, they might need extra security measures like encryption and multi-factor authentication, which can cost more than traditional setups.
  • Compliance requirements: Some industries have strict rules about cybersecurity, like healthcare and government organizations. Following these rules can be expensive.
  • Outsourcing: When companies hire outside vendors for IT tasks, they need to make sure those vendors are secure.

Saving money where you can

Despite all the costs, there are inexpensive but high value measures you can put in place.

  1. Begin by setting up basic defenses like firewalls, antivirus software, and regular software updates, if you haven’t already.
  2. There are free or inexpensive tools available for things like managing passwords, spotting intruders, and checking for vulnerabilities.
  3. Teach your employees about phishing, social engineering, and keeping data safe. It doesn’t cost much but can make a big difference.
  4. Instead of hiring full-time staff, think about using managed services. They can help with security and monitoring at a lower cost.

 

Now, I get it, not all of these budgeting decisions will be crystal clear. So, it’s a good idea to team up with your Chief Information Security Officer and accountant (that’s me) to figure out what makes sense within your budget constrain.