Small business cyber security and awareness skills have recently been identified as a critical success factor for small businesses. This world of Internet of Things (IoT) that we now live in has created massive threats that can easily prevent a business from achieving its objectives if not properly managed.
It is common knowledge that small businesses will not achieve much if they fail to harness the powers of business related information technology. But trying to take advantage of business technology also has its own risks like getting hacked or unintentionally exposing personal information which can harm a business if drastic action is not taken.
In order to strike the right balance between these two devils, creating an enabling environment that allows small business cyber security and awareness skills to be acquired by staff members is very important.
This article has identified those cyber security skills that all small businesses must ensure that are in place within the workforce. Companies should hire people with these skills, or train their existing staff or simply outsource these functions if it is better to do so.
10 Small Business Cyber Security Skills
The skills that are discussed in this section of this post are what I refer to as ‘beyond penetration testing skills’. I am sure you must have heard of people that are called professional pen testers. Just in case you haven’t heard, pen testers are those people that organizations hire to try penetrating their network.
1. Network scanning, monitoring, security and access management: your network is your first point of cyber security that needs to be protected from unauthorised access. There are varieties of tools like wireshark that can be used to gain useful information from a network. If you don’t do this in house, a hacker will surely do it for you. Hackers have now turned their attention on small and medium sized businesses as larger corporations seem to have outsmarted them. Access control and management are integral parts of network security.
2. Intrusion detection: intrusion detection systems (IDS) are systems (software and hardware) that detects when an unauthorised person or system is within the network of an organization. There are all kinds of tools out there to do this. What really matters is that we have people in our organization who are knowledgeable in using the tools. What is important is not to detect an intrusion but what actions are taken to prevent havoc being caused.
3. Basic software security testing skill: though it is now rare to get rouge software from vendors but chances are that we may get software that has been altered to quietly do some malicious things at the back ground. The risk of getting rogue software is especially high if the software is downloaded from the internet, at the very basic, a small business should have one person who can check the hash and other properties of the downloaded software to establish its integrity.
4. Incident response skills: incidence response has to do with how we handle the unexpected. Incidence management or response skill is vital in the overall business continuity portfolio of an enterprise.
5. Data security: one of the best ways to secure your data is to encrypt it. The use of encryption software can sometimes be cumbersome and requires specialised skills. Data should not only be secured when on the move but also when it is at rest.
6. Risk analysis and mitigation: cyber risk analysis skill has never been as important as it is now. IT and internet have become so pervasive that one unmitigated weak point can lead to the collapse of everything. There is an emerging trend of DIY risk assessment that small businesses now tend to be embracing.
7. Cloud security and privacy: cloud computing with its benefits and drawbacks has come to stay. The demand for people the right skill sets to deal with the challenges of cloud computing is an area that is not showing any sign of slowing down soon. Cloud security and privacy concerns will always be a major aspect of any IT project. This is why certification bodies like ISC2 have developed a new professional certificate on cloud security.
8. Foot printing and Security analysis skill: one of the first things that hackers do is to gather foot print of their prospective victim. One can only counter this process if one is skilled in it. This skill complements the network scanning skill discussed earlier.
9. Software version control: this is not really a technical skill but is needed for small business cyber security. The idea here is to have a systematic way of upgrading software. Best practice is to have all the systems on the network updated simultaneously. Also licensing issue has to be considered here.
10. Cyber etiquette: this skill is probably the most important of them all. No matter how secure you think your system is, if people on the network do not have good cyber etiquette, all the effort of a business to be safe in the cyber world will be in vein. Cyber etiquette is a soft skill that all users of the internet must have.
There are rudimentary courses on cyber etiquette that you can take. Check out ISACA website to see if you fancy their foundational course on cyber security.
The best way to manage your small business cyber security function is to constantly educate your employees on the latest events. Successful small businesses understand the importance of investing in their people. They don’t see their staff training fee as costs, rather they see it as quality investments.