Big threats and small business

Today’s threats are advanced and automated, targeting small businesses that have historically lacked the capacity to protect against sophisticated attacks. Learn more about the security challenges small businesses face and the solutions successful organizations are implementing.

How to create a successful cybersecurity plan

Getting started

Cybersecurity policies can range in size from a single one-sheet overview for user awareness to a 50-page document that covers everything from keeping a clean desk to network security. The SANS Institute offers templates for creating such policies, if you’re looking at developing a more robust plan. Ideally, a company’s cybersecurity plan should be documented, reviewed, and maintained on a regular basis. Realistically, many small and medium-sized businesses don’t have the manpower. Even creating a short guide that covers the most important areas goes a long way in keeping your business protected.


Taking a look at the cybersecurity regulations put forth by the federal government or by your industry is a helpful roadmap for developing a cybersecurity plan. First and foremost, you need to make sure you’re operating within the law. For example, if you’re a business entity that deals with protected health information, you must have certain administrative, physical, and technical safeguards in place. The HIPAA Security Rule requires organizations, their
business associates, and even their subcontractors to maintain and implement written policies and procedures for protecting data and technology.


A well-thought-out cybersecurity plan outlines which systems should be in place to guard critical data against attacks. These systems, or the infrastructure, tell IT and other administrative staff how they
will protect the company’s data and who will be responsible for protecting it. Your cybersecurity plan should include information on controls such as:

• Which security programs will be implemented (Example: In a layered security environment, endpoints will be protected with antivirus, firewall, anti-malware, and anti-exploit software.)
• How updates and patches will be applied in order to limit the attack surface and plug up application vulnerabilities (Example: Set frequency for browser, OS, and other Internet-facing application updates.)
• How data will be backed up (Example: Automated backup to an encrypted cloud server with multifactor authentication.) In addition, your plan should clearly identify roles and responsibilities. That includes:
• Who is responsible for the plan’s maintenance
• Who is responsible for enforcing the plan
• Who will train users on security awareness
• Who responds to and resolves security incidents and how
• Which users have which admin rights and controls


The most critical step in establishing a successful cybersecurity plan is documenting and distributing
the acceptable use conditions for employees. Why? No matter how strong defenses are, users can introduce threats to your company’s networks by falling for phishing scams, posting secure information on social media, or giving away credentials. According to the 2014 IBM Cyber Security Intelligence Index, over 95% of all threat incidents investigated involved human error. Your cybersecurity plan should clearly communicate best practices for users in order to limit the potential for attacks and ameliorate damage. They should also allow employees the appropriate degree of freedom they need to be productive. Acceptable use guidelines might include:

• How to detect social engineering tactics and other scams
• What is acceptable Internet usage
• How remote workers should access the network
• How social media use will be regulated
• What password management systems might be utilized
• How to report security incidents In addition, the employee plan should also cover what happens when users fail to comply with guidelines. For example, an employee found to be responsible for a breach might be required to repeat
training if it was due to negligence, or terminated if the breach was an inside job.

Next steps

Establishing and documenting a cybersecurity plan is just the first step in keeping your business secure. Once
the plan has been created, you’ll need to come up with a strategy for deploying it, maintaining it, training users, and making them accountable.

Malwarebytes products and services

Malwarebytes Endpoint Protection

Malwarbytes Incident Response

Malwarebytes Endpoint Protection and Response



For inquiries, email us at



No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *