Security

3 small ways SMBs can build up a cyberdefense strategy

Regardless of size, all organizations are targets for cyberattack.. Allianz's Jenny Soubra offers advice for small business leaders who don't normally specialize in cybersecurity.

"Most of us believe that we're not big enough, rich enough, or important enough to be targeted," according to Jenny Soubra, head of cyber for Allianz Global Corporate & Specialty North America. The truth is: everyone's a target for cyberattacks.

Soubra met with TechRepublic's Dan Patterson to discuss why American businesses are not prepared for the massive amount of cyberattacks.

There is a widespread misconception that SMBs are not targets for cyberattacks, and only large organizations need to worry about cybersecurity. However, "all sizes need to be aware and start to take actions to increase their cybersecurity, and then also take steps where possible to transfer risks as well," she said.

SEE: Security awareness and training policy (Tech Pro Research)

Hackers tend to look at hitting many smaller organizations or individuals at once to build up a volume of information rather than getting a lot of information from one single company, Soubra added.

"Any organization, in my opinion, that is looking at pre-loss mitigation is already ahead of the curve compared to other companies that are not," she said. "Just having an awareness of the risk and taking any steps to learn about what the individual organization's risks are, what sort of data they're holding, how can they plan for the future in the unfortunate event that they do have some sort of security incident, having a plan in place is critical."

It's important for companies to look past just the "post-breach response," and start looking at what they can do ahead of time to prevent an attack, and plan how to respond during a cyberattack.

Soubra suggests these three steps for leaders at SMBs, who generally do not specialize in cybersecurity:

  1. Awareness: Be aware of the threats
  2. Evaluation: Look at what type of data your company holds, whether it's client or employee information, or other valuable company information.
  3. Planning: Think about what your company can do to prevent an attack, and how it will respond during an attack.

"It's the simple things that can make all of the difference," said Soubra.

Also see

cybersecure.jpg
Image: iStock/guirong hao

About Leah Brown

Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.

Editor's Picks

Free Newsletters, In your Inbox