Protecting Your Assets: A Cybersecurity Guide for Small Businesses
()
About this ebook
Small businesses make up over 90% of all businesses, and they account for nearly 50% of the gross domestic product. Yet, other than the bad guys, there isn't a lot of focus on cybersecurity for small businesses. This book aims to help small businesses learn what the bad guys are after, and how they can protect their businesses.
John A. Schaefer
John A. Schaefer is a computer geek with over 30 years of experience in information technology, with a focus on cybersecurity. He's been doing this for so long, in fact, that cybersecurity wasn't even a word when he started. John isn't your typical geek, though. Having spent the majority of his professional career working for Fortune 50 companies, he knows that geek-speak doesn't go over very well in the boardroom. He has a rare ability for geeks: to explain complex technical information in ways that non-geeks can understand. He's been quoted in PC Week and The Wall Street Journal for some of his past projects, and was recently a guest speaker for a graduate level computer science class at Vanderbilt University. Talking to small business owners, John realized there's a need that's not being met for cybersecurity information. It's this void that led John to start Eastvale Cyber. Focused exclusively on small businesses and providing the information they need to improve their security without spending a fortune, John's goal is for Eastvale Cyber to become the most trusted source of cybersecurity information for small businesses.
Related to Protecting Your Assets
Related ebooks
Cybersafe for Business: The Anti-Hack Handbook for SMEs Rating: 0 out of 5 stars0 ratingsCybersafe For Humans: A Simple Guide to Keep You and Your Family Safe Online Rating: 0 out of 5 stars0 ratings8 Steps to Better Security: A Simple Cyber Resilience Guide for Business Rating: 0 out of 5 stars0 ratingsHack Proof Yourself!: The essential guide for securing your digital world Rating: 0 out of 5 stars0 ratingsConquer the Web: The Ultimate Cybersecurity Guide Rating: 0 out of 5 stars0 ratingsThe Five Anchors of Cyber Resilience: Why some enterprises are hacked into bankruptcy, while others easily bounce back Rating: 0 out of 5 stars0 ratingsEasy Steps to Managing Cybersecurity Rating: 0 out of 5 stars0 ratingsCyber Security From Beginner To Expert Cyber Security Made Easy For Absolute Beginners Rating: 0 out of 5 stars0 ratingsZero Trust Proactive Cyber Security For Everyone: Protecting America Through Technology Rating: 0 out of 5 stars0 ratingsCyber Security Awareness for Lawyers Rating: 0 out of 5 stars0 ratingsSECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century Rating: 5 out of 5 stars5/5Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations Rating: 0 out of 5 stars0 ratingsFortify Your Data: A Guide to the Emerging Technologies Rating: 0 out of 5 stars0 ratingsBe Cyber Secure: Tales, Tools and Threats Rating: 0 out of 5 stars0 ratings7 Rules To Become Exceptional At Cyber Security Rating: 5 out of 5 stars5/5The Abilene Net Rating: 0 out of 5 stars0 ratingsKeeping Cyber Security Simple Rating: 0 out of 5 stars0 ratingsFortify Your Data Privacy Rating: 0 out of 5 stars0 ratingsCyber Smarts for Students Rating: 0 out of 5 stars0 ratingsCyber Security Awareness for CEOs and Management Rating: 2 out of 5 stars2/5The Personal Digital Resilience Handbook: An essential guide to safe, secure and robust use of everyday technology Rating: 0 out of 5 stars0 ratingsIT Induction and Information Security Awareness: A Pocket Guide Rating: 0 out of 5 stars0 ratingsThe Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity Rating: 0 out of 5 stars0 ratingsThe Ransomware Handbook: How to Prepare for, Prevent, and Recover from Ransomware Attacks Rating: 4 out of 5 stars4/5Cyber Security Awareness for Corporate Directors and Board Members Rating: 1 out of 5 stars1/5Cyber Security Awareness for Accountants and CPAs Rating: 0 out of 5 stars0 ratingsCybersecurity for Executives: A Practical Guide Rating: 0 out of 5 stars0 ratingsHow to Survive a Data Breach: A Pocket Guide Rating: 0 out of 5 stars0 ratingsThe Human Fix to Human Risk: 5 Steps to Fostering a Culture of Cyber Security Awareness Rating: 0 out of 5 stars0 ratings
Small Business & Entrepreneurs For You
The Ultimate Side Hustle Book: 450 Moneymaking Ideas for the Gig Economy Rating: 4 out of 5 stars4/5Nine-Figure Mindset: How to Go from Zero to Over $100 Million in Net Worth Rating: 5 out of 5 stars5/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5The Millionaire Fastlane: Crack the Code to Wealth and Live Rich for a Lifetime Rating: 5 out of 5 stars5/5Strategy Skills: Techniques to Sharpen the Mind of the Strategist Rating: 4 out of 5 stars4/5UNSCRIPTED: Life, Liberty, and the Pursuit of Entrepreneurship Rating: 5 out of 5 stars5/5Starting a Business All-In-One For Dummies Rating: 4 out of 5 stars4/5The E-Myth Revisited: Why Most Small Businesses Don't Work and What to Do About It Rating: 4 out of 5 stars4/5The Side Hustle: How to Turn Your Spare Time into $1000 a Month or More Rating: 4 out of 5 stars4/5The Freedom Shortcut: How Anyone Can Generate True Passive Income Online, Escape the 9-5, and Live Anywhere Rating: 5 out of 5 stars5/5Summary of Timothy Ferriss' book: The 4-Hour Workweek: More time, more money, more life: Summary Rating: 5 out of 5 stars5/5The Bitcoin Standard: The Decentralized Alternative to Central Banking Rating: 4 out of 5 stars4/5Small Business For Dummies Rating: 4 out of 5 stars4/5How to Open & Operate a Financially Successful Notary Business Rating: 4 out of 5 stars4/5The Start Your Own Business Bible: 501 New Ventures You Can Launch Today Rating: 4 out of 5 stars4/5Overcoming Impossible: Learn to Lead, Build a Team, and Catapult Your Business to Success Rating: 5 out of 5 stars5/5Wealthology: The Science of Smashing Money Blocks Rating: 3 out of 5 stars3/5Creative, Inc.: The Ultimate Guide to Running a Successful Freelance Business Rating: 4 out of 5 stars4/5HBR Guide to Buying a Small Business (HBR Guide Series) Rating: 5 out of 5 stars5/5Bookkeeping: An Essential Guide to Bookkeeping for Beginners along with Basic Accounting Principles Rating: 4 out of 5 stars4/5Yes!: 50 Scientifically Proven Ways to Be Persuasive Rating: 4 out of 5 stars4/5Robert's Rules of Order: The Original Manual for Assembly Rules, Business Etiquette, and Conduct Rating: 4 out of 5 stars4/5Feck Perfuction: Dangerous Ideas on the Business of Life Rating: 4 out of 5 stars4/5The LLC and Corporation Start-Up Guide: Your Complete Guide to Launching the Right Business Rating: 5 out of 5 stars5/5
Reviews for Protecting Your Assets
0 ratings0 reviews
Book preview
Protecting Your Assets - John A. Schaefer

image-4.pngi
EMBRACE THE GREY
1
HOW LONG HAS THIS BEEN GOING ON?
2
THE FORGOTTEN MAJORITY
Misconceptions
Easy Targets
The Implications
The Domino Effect
3
IT’S JUST A BUNCH OF WORDS
Privacy, Security, and Anonymity
Cybersecurity
Confidentiality, Integrity, and Availability
Threats, Vulnerabilities, and Weaknesses
Countermeasures, Impact, and Risk
Risk Appetite and Risk Tolerance
4
THE INEVITABLE LIST
1. Change All The Defaults
2. Require Passwords
3. Use Multi-Factor Authentication When Possible
4. Keep All Software Up-To-Date
5. Use Anti-Malware (Anti-Virus) Software
6. Limit Access to Systems and Devices
7. Create Separation of Duties
8. Secure Your Files
9. Backup Your Data
10. Turn on Encryption
11. Educate Employees
12. Have Written Policies and Procedures
13. Business Continuity Planning and Disaster Recovery
14. Secure all Webpages, not just Login or Checkout
15. Firewalls & Internet Security
Case Study: WannaCry Ransomware
5
CHECKING THE BOXES
Compliance ≠ Security
The Tangled Web of Privacy Laws and Regulations
European Union
Brazil
United States
6
A STRUCTURED APPROACH
NIST Cybersecurity Framework
How to use the NIST CSF
Framework Core
NIST CSF Functions
NIST CSF Categories
7
CONTINUING THE JOURNEY
Informational Resources for Small Business
Get Involved
The Stuff I Read
A
GLOSSARY
B
ENDNOTES
i
EMBRACE THE GREY
Congratulations on taking a proactive step to increase your awareness and understanding of the biggest threats facing small businesses today. I am, of course, talking about cybersecurity.
Yes, I said it. Cybersecurity. Now take a deep breath and relax. There’s no need to go running for your happy place, because cybersecurity isn’t something to be afraid of. It’s when you don’t have it that you should be worried.
I’m sure you’ve already figured out that this isn’t going to be your typical book on the topic. First, it’s written in the first person. I’ve found it’s easier to have a conversation than to lecture or judge. Second, I am a computer geek - but please don’t hold that against me. While I’ve had a long and varied career with Information Systems and Information Security, I’ve also learned a lot of non-geeky things along the way.
I have a passion for learning and sharing what I’ve learned. And I have the ability to take technical topics and present them in such a way that they’re understandable and relatable by normal people that aren’t necessarily technical. (Yes, I just implied that geeks aren’t normal - and I’m standing by that assertion.)
As an example, I’m sure we’ve all seen news reports or read articles about cyber attacks by bad guys. These stories usually have an expert that tells you exactly what you need to do or things that you must never do to stay safe and secure. You’d think from listening to these reports that we live in a black-and-white world, and that cybersecurity is a one-size-fits-all proposition.
It’s a lie.
Do they know your line of business? Do they know the risk tolerance of your organization? There is no one-size-fits-all solution for cybersecurity. Every organization is different - the type of data, appetite for accepting risk, visibility as a target, and many other considerations go into creating a secure environment. Cybersecurity isn’t black-and-white. I’m here to help you learn to embrace the grey areas.
This book will assist small businesses in getting a better handle on cybersecurity. Yes, there will be lists - because there are some fundamental things that everybody should be doing. It’s not unlike changing the oil or rotating the tires on your car; preventive maintenance is part of the cost of ownership.
1
HOW LONG HAS THIS BEEN GOING ON?
Early adopters of the Internet as a business tool gained a competitive advantage over those with a wait and see attitude. While it took a leap of faith to make that move 25 years ago, those businesses were rewarded with a fertile market whose potential few could envision at the beginning. As an example, Amazon.com was started in 1994 as an online bookstore and was based in Jeff Bezos’ garage.¹ In their 2017 fiscal year, Amazon.com sales were just shy of $178 billion.²
Finding success is more difficult on the Internet today, but there are still examples such as Airbnb, Lyft, and Houzz. These types of companies are referred to as disrupters because they challenge long established business models They are also examples of something called a digital business.
The term digital business has been around for a few years, but there is still disagreement on the exact meaning of the term. When I use the term, I mean A digital business is one that uses technology as an advantage in its internal and external operations.
³
I may be cheating a little, because this definition means that nearly every business today is a digital business. But in all honesty, there are very few companies that don’t use computers or the Internet for at least some part of their operations. Whether it’s simply maintaining a website, conducting sales, or communicating with suppliers, it’s nearly impossible to conduct business today without using computers or technology to our advantage.
Even setting aside the Internet, computers allowed companies to be more efficient, better manage inventory and resources, and reach a global audience that wasn’t possible until recently.
Like most things, though, there is a darker side to these advancements. Cybercriminals can break into unsecured computers and create chaos. Whether it’s depleting bank accounts, creating fake online orders, or encrypting your information and demanding a ransom to recover it, the bad guys can attack from anywhere in the world with