Virtual CISO for small business, is it worth it?

by | Aug 29, 2024 | Blogs

My name is Tony Asher. I’m the operator of Asher Security, and I’ve been doing virtual CISO work for over five years. One of the questions I get is, “is a virtual CISO worth it if we’re a small business?”

Definitely a hard question to ask. My initial answer would be yes, with this caveat; as long as it can just be an engagement.

The thing that really determines whether a virtual CISO engagement is worth it is the risk that business has. What you’re trying to protect.

I always say data is currency.

If you’re running a small business, even if it’s just one employee, and you have data that is sensitive and at risk of being compromised, hacked, stolen, ransomed, it’s a really good idea and worth it to engage with some kind of security professional, whether it be a virtual CISO or some other facet of cybersecurity professional that can come in and;

  • Perform an assessment
  • Assess your security controls
  • Where you’re storing that data
  • Provide security best practice
  • Education against applicable threats
  • Ensure that the right security controls are installed
  • Data is being disposed of properly
  • Backing up that data so you can recover what to do if you do have an incident.

That doesn’t have to be a long-time permanent relationship. Our company, Asher Security, performs a Rapid Visibility Protocol. Via a short engagement this provides risk visibility, and through that you can have a roadmap. Once you have a roadmap of what you should do to properly protect your business against hackers, you can decide if a virtual CISO or other cybersecurity professional can provide you the resources to equip you to be successful.

And doing it early is going to make a big difference and it can save you an exponential amount of time and effort.

Quick story, recently we were called by a small company and they had been hacked. They lost approximately $700,000. And for that company, that was devastating. I think it would be devastating to any company, but my heart really goes out to them. Specifically, to the person that felt the weight of that happening. They were ultimately the victim within the company. A small amount of cybersecurity awareness and training and a short engagement that cost a percentage of a fraction could have saved them all that amount of money they lost. It could have saved that person a lot of stress and heartache. I don’t know what the future of that company is.

If you’re asking if a virtual CISO is worth it to a small business, my answer is this; Yes if you’re dealing with any of the following;

  • Sensitive data
    Steward of other people’s data
  • Sharing sensitive data with companies outside
  • Those are all reasons to engage with a virtual CISO, no matter what the company is.

I hope that makes sense. If you’re interested in our Risk Visibility Protocol to assess your data, reach out and we can schedule a discovery call. I hope that helps.

 

7 Ways to Improve Your Cybersecurity Reporting to Executives and the Board of Directors

A guide for cybersecurity leaders that will help you gain the reputation of a solid leader, while preventing you from making the mistakes I made when I was projected into reporting. This guilde will equip you and remove the stress and anxiety so that you can be clear and bold in your opportunity to prove you're the right person for the role, and your plan is on track!

You have Successfully Subscribed!