Here’s a list of best practices for small and midsize enterprise (SME) cybersecurity for brokers to ensure clients are cyber secure in an ever-changing threat environment:
- Cybersecurity Awareness Training
- Zero Trust Architecture
- Multi-Factor Authentication (MFA)
- Robust Endpoint Security
- Backup and Disaster Recovery
- Vendor Security Assessment
- Incident Response Plans
As a cybersecurity broker, your role is pivotal in helping protect their digital assets. Here is a quick list of best practices that are available to almost any SME. Cybersecurity is, after all, about managing human behaviors, not just technology. Stay proactive, educate your clients to be vigilant, and adapt to the ever-changing cybersecurity landscape to ensure the resilience of SMEs against cyber threats.
1. Cybersecurity Awareness Training
- Stress that all businesses should provide regular cybersecurity awareness training to employees.
- Emphasize the importance of strong passwords, keeping abreast of evolving phishing attempts, and secure online practices.
- Utilize third-party expertise and training. KnowBe4 (a recent partner of Measured) provides extensive employee training to prevent cyberattacks. According to KnowBe4, 80% of cyberattacks are caused by a human error or compromise.
- Regularly test email defenses and training effectiveness by sending email campaigns to employees.
2. Zero Trust Architecture
- Support the use of the Zero Trust Architecture (ZTA) model. This assumes no user or device can be trusted by default, whether it exists inside or outside of the network perimeter.
- Initial stages of ZTA implementation can be expensive for smaller businesses. Setting up identity and access management systems can be complex and new hardware and software may be needed. However, the payoff is worth the effort by preventing lost revenue from data breaches.
- Third-party vendors can offer ZTA via the cloud, which may be a more feasible option for smaller companies.
3. Multi-Factor Authentication (MFA)
- Promote the use of MFA to add an extra layer of security to all login credentials.
- Implement MFA across all critical systems and applications.
4. Robust Endpoint Security
- Advocate for the use of antivirus software and endpoint protection tools.
- Ensure that all devices connected to the network have the latest security updates.
- Encourage the use of Endpoint Detection and Response (EDR). These solutions continuously monitor and gather data from endpoints to detect, investigate, and prevent potential threats. These automated solutions spot and alert users of suspicious activity.
5. Backup and Disaster Recovery
- Recommend encrypting sensitive data, both in transit and at rest.
- Promote regular data backup procedures to prevent data loss in the event of a cyber incident. Ensure all digital data is stored securely. Be sure cloud data is backed up too.
- All SMEs should practice and test their data disaster recovery procedures. A real emergency is not a good time to try new tasks and procedures.
6. Vendor Security Assessment
- Advise SMEs to assess the cybersecurity practices of their third-party vendors.
- Make sure your client or prospective client’s vendors comply with security standards and protocols. Third-party risk hurts SMEs just as much as larger enterprises.
7. Incident Response Plan
- Collaborate with SMEs to develop an incident response plan. This goes beyond merely a written plan. Creating procedures for mitigating specific types of threats should include all stakeholders, making cybersecurity everyone’s responsibility.
- Encourage regular drills to ensure effective and timely response to potential cyber incidents.
Additional Information: Measured has also created a comprehensive Cyber Insurance Checklist: 12 Essential Security Controls. Feel free to share this with anyone who may benefit from these insights.