Cynet announced a new guide titled "10 CISOs with Small Security Teams Share their Must Dos and Don'ts", which details how to effectively manage small and medium enterprise (SME) security with five or fewer cybersecurity team members. As the challenges of smaller security teams are certainly different from those of larger teams, these IT professionals must be more creative and pragmatic than their large enterprise counterparts.

In the past several years, businesses of every size have seen a rise in cybersecurity attacks. Business email has been compromised, endpoints are under constant threat, and ransomware attacks have multiplied, to name a few.

Unlike large enterprises with extensive cybersecurity teams, SMEs are plagued with a lack of dedicated resources, device mis-administration, lack of training and a reduced level of IT management framework. Despite this, SME CISOs with these reduced teams have adapted and overcome and, in a recent survey, provided ten recommendations for maintaining the highest level of protection possible.

Ten recommendations

  • Invest in communicating upstream:

Develop and present a strategy/plan to address cybersecurity attacks. This should be done annually and be presented in board meetings. Avoid tech-speak and present the statistics, trends and overview of new threats. Discuss the business risk these threats pose and the company's ability to defend against such attacks. Set the budget and expectations in the plan and communicate what can and cannot be done, along with the associated risks.

  • Leverage compliance to increase security budget:

Compared to cybersecurity budget concerns, the compliance budget "is what it is": an inflexible requirement that must be met for the business to operate. Leverage the compliance budget to augment the security environment for adherence. Verify with a control vs. regulation matrix and check for gaps on each regulation. This is a forward-looking approach that makes it easier to comply and to understand what gaps remain when the next regulation arises.

  • Consider the end-to-end costs of purchased products:

From initial deployment to post-installation analytics, alerts and maintenance, the costs of new security solutions cover multiple areas. When investing in a new cybersecurity product, make sure to understand the associated investment beyond the actual product cost, including the security coverage, the upgrade frequency and requirements, dashboard/SIEM monitoring for alerts, false positive rates and more. Ask the vendor for a trial period in order to better understand and assess these parameters.

  • Consolidate security platforms:

There can be many layers of security, with each increasing the level of overall IT complexity. Look for a single product that consolidates multiple technologies by design.

  • The most well-known and/or expensive brand is not necessarily the best:

Check comparison sites, read blogs and speak with colleagues to gain from their experience with various solutions. See how solutions rank in terms of third-party evaluations and security effectiveness.

  • Avoid the security alert wild goose chase:

Security teams, by definition, operate on alerts. Since smaller teams do not have the resources to follow up on each alert, set policies that define when a particular alert needs to be addressed. Make sure to follow up on alerts that have been automatically remediated, since that initial threat could be a part of a larger campaign.

  • Consider security solutions that do not block operations:

Employees will nearly always try to subvert a security policy if it slows down their operations. Instead of creating a uniform policy for all entities at the company, opt for multiple policies per role and how to overcome challenges.

  • Automate as much as possible:

If there are multiple manual tasks, there is most likely a way to automate these to reduce the time investment. Leverage the power of newer automation technologies to avoid menial or repetitive work.

  • Look beyond the product:

Steer away from products or services that lack quality customer support and servicing to avoid a semi-functioning solution. When inquiring about a new product ask how much product training is provided, is there an initial setup cost, is there a dedicated customer success manager, how proactive is customer service, what is the service level agreement (SLA) on an open ticket and is there servicing for incidents (MDR)?

  • Leverage SaaS offerings to reduce costs, overhead and resources:

SaaS solutions reduce deployment, management requirements, maintenance resources, and costs. Many security SaaS offerings are also more effective as a cloud-based architecture given their stronger processing capabilities. Check the security stack and perform research to confirm what can be replaced with a SaaS-based solution and benefit from the centralised management, processing and operating costs without sacrificing protection.

Enterprise-level protection

"With a bit of additional research, the right tools and supportive services, smaller cybersecurity teams can achieve enterprise-level protection to ensure their organisations are properly defended," said Eyal Gruner, CEO and Founder of Cynet.

"Thanks to the input of CISOs from the technology, healthcare, retail, financial services, and insurance industries, these security professionals have this high-level guidance to strengthen their security posture."
