Management commitment is the basis for all successful information security efforts.
Without this commitment, it's unrealistic to think that even the most aware employees or the most elaborate cyber security procedures will protect your organization's data.
Prioritizing Cyber Security Efforts
Small businesses may have limited resources dedicated to cyber security. To set priorities for the organization's cyber security plan, management will need to analyze current cyber security risks and identify company needs or requirements in order to secure the high-priority information and systems that must be protected.
There are many enhancements that can be implemented without a great deal of resources, including updating official policies and procedures and basic cyber security awareness training for all employees.
Preparing your system security for a possible cyber attack will demand a business case and a justification for the outlay of resources. Business justification should be done in two ways. First, analyze the risk (loss) versus protection (cost), and then find common ground with the Business Risk Analysis. For example, what is the cost or liability if your customer’s private financial information is stolen? How does this fit in with your overall Risk Analysis for liability and your Risk Management Plan?
Finally, identify the Business Requirements and/or enhancements that may be enabled by security. If the system is complex, it may be more cost effective to consult with a technical specialist to determine your requirements and their benefits.
Create a Cyber Security Plan
Management must have a basic understanding of cyber security within their company and understand the high-level best practices. Management also needs to be able to measure success so that they can consistently commit the needed resources to this issue over time.
Integrate a cyber security rollout plan with your business plan this year. Begin with your easiest tasks including updating and enforcing procedures regularly.
Roles
All employees are involved in cyber security, from e-mail security to system administration. Implementation of cyber security necessitates total staff involvement.
As part of the Cyber Security Plan, Management should get all employees involved. Best practices include:
- Defining roles and responsibility
- Committing necessary resources
- Cyber security training for all employees
- Enforcing procedures
- Being involved