How a Security Audit will stop you stepping in poo
Picture yourself on a busy Tuesday. Everyone wants something! The new guy who just started on Monday, to that nice little old lady that always pops her head into your office just to say hi and then stays for a chat. Your head is hurting and while you love hearing about her grandchildren and really connecting with the people you serve, the accountant needs the BAS information today.
This is often the way small business owners find their day. So when you hear cyber security you shrink in your chair because the last thing you need is more stuff to do.
Recently I was speaking to a small business owner who operated a joinery shop. His reaction to cyber security was “I work with wood and don't do a lot on the net, but if I do get hacked and it all gets taken down I will just close my doors. I don't care! I got enough to do and I am not big enough to worry.”
Cyber security is a new business problem that affects every business no matter the size. If you are in business and have any more than 1 customer you have to worry about cyber security. Unfortunately it is ever changing and constantly growing. The likelihood of armed robbery continues to diminish, while the chances of a cyber attack continues to increase. In fact it is not “IF” you get attacked it is “WHEN”
Technology is constantly evolving and the implementation of email clients, or accounting software is becoming easier and more difficult. Most businesses have some IT person that spends a lot of time sorting out technology issues. Implementing cyber security is also a strange combination of easy and hard with new standards and technology.
The problem with this approach is that while you can hold your hand over your heart and say you are implementing cyber protection solutions, you can't know that what you are doing is the most effective for your business or if it really does meet the compliance standards that the law and those external to your business require.
When implementing a cyber protection solution it is important to understand the uniqueness of your business. Understand all your technology productivity tools. Know your people and the vulnerable areas of your business.
Having an understanding of where you are helps you implement the right cyber protection solutions over time.
Having a written audit of where you currently are is important as it is part of the documentation that needs to be kept that demonstrates that you are meeting and working towards cyber compliance requirements. When you have the correct starting point and ongoing plan it is easier to not step in the poo of not meeting your compliance requirements.
If you would like to work with me to conduct a cyber security audit and a prioritised action plan click the link Cyber Gap Audit and Action Plan