Respond to two colleagues (BELOW): (Half a page each and provide each reference separately)
Identify three basic things a small and medium-sized business could do to improve their risk posture and why it is important to have cybersecurity protections in place. Explain your rationale.
Post from colleague 1
How Small-medium sized business can improve their risk posture
Cybersecurity should be a part of the plan for small and medium-sized business (SMB), as the internet grows and internet activities like cloud computing, email and website services there is a need to adequately secure the company’s information form theft, fraud, and cyber attacks. There are some tips for SMB to improve their cybersecurity risk posture which are:
1. Awareness training on security culture: every SMB should have a security practices and policies for employees that includes the use of complex passwords, backing up data, use of multi-factor authentication, use of the principle of least privilege and so on. Employees are expected to be trained on security procedures and be aware of the everyday risk posed by cyber-attacks.
2. Passwords and authentication: SMB employees should be required to use unique but complex passwords and these passwords should be changed every three months or as stipulated by the security awareness plan. The use of multi-factor authentication should also be implemented and enforced.
3. Adherence to cybersecurity best practices should be required by SMB employees/management to improve their risk posture. Even with the best cybersecurity policies and procedures in place, employees should also stay on guard to help assure your company’s data and network is safe and secure (Johansen. A.G., 2020). Best practices like avoiding pop-ups, unknown emails, links, Wi-Fi security, enable firewall protection, install security software updates and back up amongst other.
Why is Cybersecurity protections important to Small-medium sized business?
1. It is very important because of its potential effect on business and its employees. Cyber attacks can cause irreparably damage on the business and can lead to its demise.
2. Government penalties for data breaches. In case of a breach, the company is liable to pay a penalty because of the company’s inability to prevent the loss, enhance cybersecurity is very important.
3. Compliance with Government Law: Every SMB should have cybersecurity protection; it helps to be in compliant with government legislation.
Federal Communications Commission (FCC). Cybersecurity for small business. Communication Business Opportunities. Retrieved from https://www.fcc.gov/general/cybersecurity-small-business
Johansen. A.G., (2020) 10 Cybersecurity best practices that every employee should know. NortonLifeLock. Retrieved from https://us.norton.com/internetsecurity-how-to-cyber-security-best-practices-for-employees.html#:~:text=10%20cybersecurity%20best%20practices.%201%201.%20Protect%20your,protection%20at%20work%20and%20at%20home.%20More%20items
Post from colleague 2
The reduction of security risk for SMB’s can include cost-effective and simple practices, such as ongoing training. The most vulnerable point of any organization is its workers wherein social engineering will be a primary threat. Instead of having a compliance video on phishing, some corporations, including my own, send out fake emails that normally trick employees into clicking or signing their credentials for access (Lamont, 2017). I was actually tricked by one of these emails which stated there were updates made to my benefits package. To my memory, I was naturally very curious as to what this update would entail and didn’t consider for a second the authenticity of this email. It is especially important to note that by this point, I’ve done several security training sessions which have covered this. But in experiencing the error of my ways, the behavior has shifted. Other items to institute would be replacing privileges with policies, especially as this concerns sharing data and updates. If it were possible to frame all the privileges in a network to best fit security concerns, then ideally no training outside of work demands would be required of employees. However, this is not the case which means that policies with normalized consequences have to bridge the latitude that’s given to employees. If an employee is found to have updated its system via an emailed link or has logged onto a personal email account over the VPN, the employee should expect to be reprimanded. Certain positions demand a wide area of latitude which can leave the organizations security posture more vulnerable.
Lamont, J (2017). Cybersecurity: practical advice for SMBs. Retrieved from https://web-a-ebscohost-com.lopes.idm.oclc.org/ehost/pdfviewer/pdfviewer?vid=1&sid=c8581291-17ae-4006-bf01-842b8e3677e7%40sessionmgr4008
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we\'ll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.