Vistage Research Center

Get actionable, data-driven insights and expert perspectives from our global community of CEOs and thought leaders. Led by Joe Galvin, Chief Research Officer

5 tactics for effective cybersecurity management

Watch the webinar “Cyberthreats and Solutions for Small and Midsize Businesses.”

Research shows that 62% of small and midsize firms do not have a current strategy in place for managing cybersecurity or safeguarding against cyberattacks. Michael Markulec, Vistage Chair and partner & co-founder of Harbor Technology Group, shared the following insights on how process is essential to managing network security for your company.

Managing cybersecurity can be like managing accounting, manufacturing, or even sales. Small and midsize businesses (SMBs) have accounting systems in place and follow generally accepted accounting principles (GAAP). They also might follow standard rules for their manufacturing environments with lean manufacturing or ISO in place. Even in sales, processes are in place for sales teams to ensure success.

But when SMBs look at cybersecurity, they mistakenly view it as some kind of black art. Using proper frameworks and regulatory guidance is an important step for SMBs to be successful in defending their organization and, more importantly, their organization’s data and intellectual property.

Know your frameworks

NIST, the National Institute of Standards and Technology, originally developed a cybersecurity framework for federal agencies. NIST has now come out with version 1.1 of its framework, which focuses on SMBs, giving them the authenticator tools and frameworks that they need to be successful. Frameworks are key for managing your plan.

5 tactics for addressing cybersecurity

  1. The process starts with identifying your critical assets, understanding where your data is, and understanding who has access to that data. Not all employees need access to all files, and certain measures like acceptable use or confidentiality agreements can protect your data.
  2. The next step is a protect phase, where organizations put measures in place to protect their data. Consider the defensive controls that are in place as well as the technologies. At times, companies might overspend on the technologies, thinking that is a magic bullet. There are other measures to consider in this phase.
  3. The third phase is a detect phase. How do you detect when something bad has happened? Businesses that are hacked typically don’t receive a warning. Ransomware is easy: it comes with a warning. With business email compromise, you know when they transferred funds. Sony only learned of its hack once the information was published on the internet.
  4. Once a company learns of a compromise, it needs the ability to respond, which is the fourth phase. This is one of the areas where most companies fall down. Even if they have robust defenses, they may not have an incident response plan for when bad things happen. A communication plan is essential. What are clients told? How are customer support folks kept abreast of developments during the process of handling a breach? What other partners and vendors need to be notified and when?
  5. And finally, you need to be able to recover. You need to get your feet back underneath you and drive your business forward. This looks like a disaster recovery plan. Just like a plan that is in place for a fire or natural disaster, consider a plan for your cyber assets as well.

This framework provides CEOs with a set of controls and clearly stated tasks that can be reviewed with their company’s IT professionals, whether they are internal or external, to address cybersecurity concerns and mitigate risk for the organization.

Read more and download the report on cybersecurity.

