Taking Data Security Seriously as a Small Business

I was recently talking to the owner of a small-to-medium manufacturing business. The owner started the business in a very small facility 10 years ago and has grown it over time. They’ve since moved into a much larger facility. He achieved this utilizing a great deal of CNC machining, online ordering, an ASRS warehousing system, and an internal design CAD team. He has dedicated a significant amount of time to automating the manufacturing process and making the online sales component clean and quick, saving significant money in outside sales costs. All in all, this is a successful business with a bright future.


I Just Make Stuff, Man

About three minutes into our conversation, I asked him a pointed question that made him a little uncomfortable. I started asking him about his data security efforts for the proprietary design secrets, customer data, and payment interface in his very computerized business. He looked at me humorously and said, “I just make the stuff, man!”

He admitted that he knew that he needed to begin applying some basics of data security to his company, but his focus to date had been on making the business viable, well run, and as automated as possible. He hadn’t thought about the fact that all that automation was susceptible to attack with his network having little-to-no protection. He was focused on growing his business.

Prioritizing Data Security

This is very common. There is no shame in admitting that you have been focused on getting your business to a stable growth curve. After all, you don’t want to have your owner making everything, processing every order, shipping everything, and even cleaning the bathroom at the end of the day.

But what business owners often fail to consider is that the business they grew from an idea is now a much different animal. At some point, they need to begin thinking about things like data security. Data security is not just something your IT needs to worry about. It has a dramatic impact on all facets of your business and needs to be treated as such.

The hot-selling and game-changing gizmo that you designed can quickly become a target for industrial espionage inside of your design team’s SharePoint folder. The payment interface you have for online orders will become of interest to hackers. Your computers inside the company may be hijacked and either ransomed back to you or be put to work for “certified bad guys.” Even the personally identifiable information (PII) on your employees becomes susceptible to compromise.

Start from the Beginning

“Ok, so now what?” he asked me. “Where do I start?” 

I gave him an answer that he wasn’t expecting: “You start at the beginning.”

He gave me a look as if to say, “Okay, smart aleck, thanks for being my lifeline!”

I told him that “the beginning” is to get a baseline information security risk assessment that generates a comprehensive score. This baseline risk assessment is the first step in beginning to treat information security like a business issue. A comprehensive score gives you an immediate look at where your strengths and weaknesses are. This allows you to easily justify to your C-suite or board of directors where it’s important to spend money on information security. On top of that, a comprehensive score gives you a benchmark to compare to and make improvements on. One assessment can give you the backing you need in your organization to make security a priority, and to avoid the potential threats mentioned before (and many more).


After I explained all this to the owner, he said that he would make sure that he gets funding arranged in his next board meeting so that he can take the next step in maturing his company’s data security profile.

The FISASCORE Risk Assessment

FRSecure does this with the FISASCORE information security risk assessment. FISASCORE is a tool that assesses your company’s administrative, physical, and technical controls and helps protect the integrity and confidentiality of your data. Mirroring a personal credit score, it estimates your company’s security profile.

If you want to learn how to get a baseline risk assessment for your organization or want to learn more about how to improve your information security posture, visit frsecure.com.


Jim Nash
Chief Storyteller at FRSecure
Jim's experiences in both politics and the InfoSec industry have cultivated him into a strong and animated communicator that has the ability to crystallize difficult concepts into digestible ideas. These skills and experiences have morphed him into a cybersecurity and information security evangelist, focusing on publicizing the need for organizations to make cyber threats a business liability and not just an IT problem.
