Cybersecurity plans are a wise investment

Prevention of breaches is way less costly than the cure

February 4, 2016

Candy Alexander,

Just as the famous quote from Ben Franklin goes, “An ounce of prevention is worth a pound of cure,” the same can be said of implementing a good cybersecurity plan.

It doesn’t have to be extravagant or overly sophisticated. The important thing is that you have one, it is appropriate to your company, and more importantly – implemented throughout the company.

Far too often, I work with clients who fall into one category or another as it relates to security. They have a plan, but don’t follow it, or they don’t have a plan. Neither of these can be considered an ounce of prevention.

Many small or medium-sized non-tech companies believe that computer or cybersecurity is something that only tech companies need to worry about. That thinking is exactly what can get you into trouble.

In 2016, there have been announcements of hundreds of thousands of records breached here in the U.S., with some close to home. I’m sure that any of those organizations will tell you in hindsight that prevention is way less costly than the cure.

As I mentioned, it doesn’t have to be costly or overly sophisticated. Start with the basics, document them as “rules,” and master them. You can find some great government resources on security basics such as those from the FCC and the U.S. Small Business Administration. The real prevention is to do all three actions (define the basic rules, document them and master them). Missing any of the steps is the prevention and where the challenge lays.

Once you have the three steps in place, have an independent party evaluate how your company is doing with mastering the basics. Having a different set of eyes reviewing the company’s efforts will help you understand how effective your protection is, and what you can improve on. Consider it part of a healthy continuous process improvement.

The important thing to realize is that cybersecurity is not a project that has a start and completion date. It is an ongoing effort that should continuously grow and mature, as does the use of technology within your company.

Candy Alexander is a New Hampshire-based cybersecurity consultant and a member of the international board of directors of the Information Systems Security Association. She and can be reached at candy@alexander-advisory.com.