Due to the tight funding of small businesses, it is difficult to invest a large amount of money in cybersecurity. However, with the increasing emphasis on cybersecurity regulation in the country, small businesses can ensure cybersecurity without excessive investment by following these steps:
- By implementing a strong password policy and requiring employees to use unique and complex passwords, small businesses can greatly reduce the risk of unauthorized access to their networks and data.
- Regularly update software and system patches.
- Use VPN for internet access.
- Develop a plan to respond to cybersecurity attacks.
- Provide security awareness training for employees.
The above five points are sourced from The Importance of Cybersecurity for Small Businesses | by Ismail Tasdelen | System Weakness
In addition to the above five points, considering the situation in the country, the following can be added:
- Log retention as required by regulations, with logs retained for six months. The company can set up a log server and regularly back up the logs.
- Risk assessment and level protection required by the "Cybersecurity Law." Risk assessment can be entrusted to a third-party company, and the level of protection depends on the company's business system. If it is not too important, a level 1 or 2 can be implemented. Level 3 requires the involvement of a third-party security company. If level 3 protection is required, corresponding security equipment needs to be implemented, which will increase costs.
- Asset inventory must be updated in a timely manner. Familiarize yourself with your own assets and minimize the services exposed to the outside world, avoiding unnecessary open ports.
- If there are business systems, regularly use open-source vulnerability scanning tools for periodic scans.