Though it takes years of training to become a CISO, anyone can take prudent steps to make themselves and their company more secure. In the 9 chapters in this book, we teach you the basics. There are three fundamental rules we live by throughout this book.
First, there is no jargon. We use plain language to tell you how to become more secure. When we do use a technical term, we do so only because you hear it talked about and you need to know what it means. We define it in plain language and tell you what it means to you.
Second, we’re going to be honest about the day-to-day work you need to do to be secure. It’s not rocket science, but it does take discipline. That makes sense, right? If it was easy to be cybersecure by buying a product or a service, we’d all be secure by now.
Third, every chapter comes with prudent steps you can take right away to be more secure. We tell you what you have to do and then we give you some “advanced advice” so you can take it to the next level. We so not tell you to go do something and then not tell you how.
Table of Contents
Section 1: Securing Your Business
Chapter 1 – Lock the Doors
The first step is to control access to the business. Gangs and organized crime have moved into cybercrime and their first step is to “case the joint.” Lock the door, lock the closet where you keep the servers and lock the registers.
Chapter 2 – Cyber Awareness
Next we move on to some basic cyber awareness. We describe phishing, proper cyber-hygiene at the high-level and discuss industries (those that take credit cards, those that provide healthcare services) that have specific rules.
Chapter 3 – Protecting Your Network
We keep it simple and talk about Anti-virus/Anti-Malware software, network, routers and firewalls, WiFi basics, VPNs, and performing regular updates.
Chapter 4 – Updates and Backups
Taking regular backups is a critical step that requires its own chapter. We address onsite and offsite and what the objectives are with backups – to protect you from mistakes, to protect you from losing files due to server or disk failure, and to protect you from ransomware.
Chapter 5 – Access Management and Strong Passwords
Next we tackle three more technical issues. We start with access, and talk about specific access by function, giving access to employees that is not all powerful and knowing when and how to use virtual private networks (VPNs) and multi-factor authentication (MFA).
Section 2: Securing Your Brand
Chapter 6 – Web and Social Media Security
The small business owner’s web presence has changed a lot over the years. We’ll discuss the basic procedures that are needed, such as updating regularly, checking emails or other customer interaction and paying for the key protections that their hosting companies offer. Social media is more than just Facebook and Twitter. We talk about the key services, including those two and Instagram and listing sites, such as Yelp! and Google. We also talk about messaging, social profiles, and behavior. Given that there are so many platforms for ratings and listings, we suggest ways of searching for your business online and the importance of managing your online reputation.
Chapter 7 – Data Privacy
In this chapter we discuss the requirements that small businesses have for handling credit card data and medical records. This high-level, explains basic duties and training for staff and provide some resources for PCI (for merchants) and HIPAA (for sole-practitioner and small doctor offices).
Chapter 8 – Cyber Insurance
This is a great time to talk about the insurance policy, what you should look for, what it covers and what it doesn’t and how to work with carriers to be an acceptable customer. Verifying riders and terms and conditions.
Chapter 9 – Be Ready
The last chapter is devoted to what the reader should do once they have finished this book.