For many small / medium businesses, security comes down to choosing a cost effective anti-virus. This isn’t enough, and insurance companies are waking up to the problem.
As part of your business insurance, many insurance companies are pushing clients towards having a formal Cyber Sercurity Framework (CSF) in place. This framework doesn’t dictate bank-grade security, it contains the most basic requirements that covers a wide array of low-hanging fruit as well as a wealth of known threats.
Besides the obvious security implications, having a formalized CSF provides your business with much more structure, documentation, and readiness to deal with some of today’s biggest technology threats.
Asset management – Your company will take advantage of crystal clear accounting of what technology is in play, potential lifespan, status, licensing etc. This clarity leads to better management of break/fix, more organized purchasing, better warranty usage. It also helps tremendously during Microsoft Audits where having accurate records could protect against a hefty fine.
Traffic Management – As part of the CSF, we analyze your network traffic to determine what is expected vs unexpected in terms of business needs. This clears up your network to the point where malware is easier to detect, traffic flows better, and we can develop much more effective firewall policies.
Structured Policies – Inconsistency leads to inefficiency. By having clear methodologies for doing routine tasks the guesswork out of things and ensures business processes are both efficient and predictable. Anomalies are also easier to spot and deal with.
Documentation – Having a CSF means your network structure, policies etc is clearly documented. This helps tremendously when working with technology providers to work on your systems. It also can be used to provide assurances to potential clients, investors or insurance companies that your technology is dependable and that you’re protecting your business from basic threats.
Roadmap – Smaller companies often blindly trudge through technology issues and grow with little foresight. By having a CSF in place, you know exactly where your technology issues are, which are more important, and how you’re going to get from A to Z. The CSF is a tool to identify where the gaps are, analyze potential threats from these gaps, and an order in which to improve.
Ultimately, a CSF is a map of your readiness to deal with today’s every increasing threat landscape. It is a guarantee to third parties that you are a responsible entity that they can work with without adding risk or uncontrolled variables.
IBC have developed an effective framework based on the NIST CSF with elements of ISO27001. It provides a well rounded set of tools to provide small-to-medium enterprises with an effective cyber security stance they can depend on.