Revolutionizing Cybersecurity for Small Businesses: Introducing Security Moments
The concept of Security Moments came to me quite a few years ago. I had been working as an information security leader for some time and saw the tremendous changes occurring in how technology was being used. And I saw how quickly the threat landscape was evolving around that.
The Genesis of Security Moments
During my career, I always strived to create a foundational approach to how we defended ourselves from cyber-attacks. In the beginning, it often felt like whack-a-mole. An attack would pop up and we would all run over to try and contain it. But as time went on, the security community as a whole started to recognize patterns in how attackers operated and the types of defenses that were most effective.
I think we all quickly realized that preventive measures to defend against cyber-attacks needed to focus on people, vulnerabilities, and authentication and authorization.
The Five Pillars of Comprehensive Security
Security Moments emphasizes five crucial aspects:
People Education: Train your workforce to identify and respond to threats.
Vulnerability Reduction: Regularly assess and mitigate vulnerabilities in your environment.
Identity Management: Maintain control over access through robust authentication and authorization.
Incident Response Plan: Be prepared to limit damage in case of a successful attack.
Recovery Plan: Have a plan in place to recover swiftly after an incident.
If you educate your work force on how to identify threats and if you were able to reduce the number of vulnerabilities in your environment and if you had good control over identity management, you stood a fighting chance.
And if an attack was successful, you could limit the damage with a good incident response plan and a good recovery plan. There is much more to a comprehensive approach to security, including the challenges of dealing with evolving regulations, but if you could do these five things well, you could reduce your risk by a significant amount.
So back to Security Moments. With respect to training, what I saw was a lot of canned security training that companies were asking their employees to take annually. The training was long and was often the same content every year. I think a lot of people dreaded training season. I started to think about how we could make this more engaging and something that people would pay attention to.
Redefining Training: Bite-sized and Engaging
I was searching for an approach that better aligned with how people learn and could be delivered in a way that helped people understand and better retain information. I was also thinking about how social media was changing how people consume information, which is basically in bite-sized chunks as opposed to the “TL;DR” reaction I was seeing with a more traditional approach.
This meant getting away from once-a-year training courses that were over an hour long. Short videos with simple, easily retainable messages that could be delivered quickly made more sense.
Out of that came the name Security Moments. It was a great representation of those daily moments when we are faced with a threat and must make a quick decision. Maybe we recognize the moment, and we don’t know what to do, or even worse, we don’t recognize the moment at all. On the other side, it also represents the idea that being able to recognize those threats is important, but it should only take a few moments to educate people on how and what to do when they happen. So, I toyed with this concept for many years, experimenting with different approaches, trying to see what worked and what didn’t.
I recognized that even though training is necessary, the other four areas I mentioned above were equally important. Because I worked for several large, multi-national corporations in my career, we could always afford to bring in expensive consulting to help us design our security programs and we could afford to implement expensive security solutions to help keep us safe. We were investing millions of dollars and hiring dozens of people dedicated to just security. I was aware and concerned that smaller businesses just couldn’t afford that type of approach, putting them at a huge disadvantage. And attackers, who were also seeing this, have made small businesses their primary target.
Anonymity is no longer a viable defense strategy for small businesses.
About two years ago, I decided that Security Moments was something that I wanted to commit to. What really drove me to do this was seeing how small businesses were continually being targeted and the lack of support being provided to help with this growing threat. Small businesses are still the driving force of the U.S. economy, employing almost half of the U.S. workforce and accounting for 99.9% of all U.S. businesses. They are facing many of the same threats as much larger businesses and need to be given a fighting chance. I became obsessed with this idea and felt with my decades of experience, I might be able to help.
As I worked on what I could do and how, a few things stood out.
The first was cost. How could I make something that was affordable yet still provided enough value to put businesses in a better position to protect themselves.
Second was time. Security Moments training needed to be concise, easily consumable and needed to re-enforce some key concepts so that they became engrained.
The third area I wanted to address was related to helping businesses compete. Regulations on data privacy are becoming more common with significant fines for violations. Additionally, larger businesses are being held responsible for vetting the security of the suppliers and vendors they work with. If a smaller business cannot show that they are secure, they may be at a disadvantage.
And lastly, I knew that building a security program takes years and is a potentially significant investment. How could I help businesses get started with a strong foundation for their security program so that they could build on it as their business grows?
So, that’s the story. We have put together a strong team of professionals to deliver an affordable approach to helping small businesses become more secure.
Our commitment is to provide training and additional resources that establish a foundational path towards better security. We want to give business owners a fighting chance and the opportunity to focus on what they do best, which is running their business with confidence.
Join Us in Securing Your Business
Take the first step towards a more secure future for your small business. Don't let cybersecurity challenges hinder your success. Explore our Cybersecurity Training for Small Businesses and get started today!