Aeris Logic LLC welcomes Marc Helfman as our first guest blogger. Thank you for your contribution, Marc! We appreciate it.
Being responsible for a cybersecurity program at a small-to-mid-sized business certainly has its advantages compared to that of a larger company, but be careful what you wish for.
The advantages include the ability to secure the environment at a more agile pace, and influencing change can often be less challenging. Depending on the organization, cybersecurity has many areas of responsibility, including Incident Response, Physical Security, Access Control, Security Awareness Training, Malware Prevention and Governance, to name half a dozen. Larger organizations usually mean larger cybersecurity organizations with areas of specialized skillsets that can meet these responsibilities. This is not to say larger organizations are staffed appropriately, because I have been in my share of larger companies that have resource challenges, but the point I am trying to make is that, when faced with a specific problem, challenge or question, there is hopefully someone you can turn to in a larger company who can provide you with a voice of reason or a solution.
In a smaller organization, the biggest challenge of building out and maintaining an effective cybersecurity program is using your budget to get the most out of yourself and your business partners. Often you will find yourself on an island and you need to be able to make decisions quickly. In order to do so, here are some guidelines small organizations can follow to make that island feel less isolated:
- Build a strong relationship with several third-party firms that specialize in cybersecurity. I am not referring to that large reseller that has a cybersecurity “wing”. I am also not referring to large cybersecurity firms that have grown so large, they can’t find their way out of their company directory. I am referring to the small, boutique firms that are always available at the drop of a dime.
- Consider leveraging a Managed Service Provider (MSP) where you can. For example, an area like Third Party Risk Management might be a perfect area to outsource since it can be extremely time-consuming to do in-house and the return on investment can often be very little since you often truly don’t know what is going on behind those third-party walls.
- Build a large network of peers in the industry. Between social networking, industry conferences and vendor events, there is no shortage of ways to meet and develop relationships with others. It’s always good to find out what other companies are doing in terms of initiatives, product selection and overall strategy.
- Know your industry. If you are in the technology space, find out what other technology companies in your business are doing. Stay up to date on the regulations that might impact your business. One size doesn’t fit all and every sector has its own specific set of challenges and requirements. Use vendors that have experience in your sector when you can and where it makes sense to do so.
- Leverage Cloud services when you can. Gone are the days where Cybersecurity folks are shying away from the cloud. We need to embrace it for its good qualities to get immediate value out of many areas of cybersecurity. This is not to say the cloud doesn’t present risks to our organization, but I’ve been through implementations with SaaS providers where I have seen immediate value in a matter of hours, compared to on-prem solutions that would take weeks to set up. Time isn’t often your ally, but with the cloud, it certainly can be.
I have been fortunate enough to work for all types of organizations, from small, regional-based to large, international-based, and each has its own set of unique challenges. There are certainly additional strategies to make your cybersecurity program more effective and this was just an example of a handful I’ve found helpful that can hopefully help you.
Marc Helfman has over 20 years of experience in the Information Technology sector with the last 12 focused on cybersecurity. He has worked in both small and large organizations in various capacities helping him understand all of the different challenges along the way.