Cyber Security Month Series Part One

As part of Cyber Security Month, we here at the small business development center, south central region branch, are offering a four part series of weekly tips provided by an experienced Computer Security professional who will simplify the topic and illustrate how you can protect yourself and your small business.

Bill Tucek is trusted information Security Advisor and Leader with over twenty years in Information Security Management and Consulting with International experience within several industries including Telecom, Pharmaceuticals’, Financial Services, Government / Defense and Manufacturing.  A Co-Inventor for Security process for Medical Device with US Patent, he holds several Security degrees and certifications including a Master’s Degree in Information Security.  Bill also serves on a Governor’s advisory board for Cyber Security for the state of Indiana.

So Bill, break it down for us, what is the big deal about CyberSecurity and what are the potential impacts to small business:

It’s really about protecting the information and systems that are critical to you and your business so there is no impact to your operations and your profitability. Your businesses information has value, it can be of strategic or it can be a commodity value depending on the type of information. In The wrong hands, your information can have a negative and costly impact to your business. To summarize, it is about limiting unnecessary risks to your business.

What do you mean by this value, could someone profit from my business information?

Absolutely, small businesses have a lot of confidential information – sometimes unsecured, containing information about customers, business plans, accounting and financial records, personally sensitive information.

For example, if you are a sales or marketing professional and have a detailed plan about future market expansion or a new product line, this certainly would be of strategic value to your competitors.  What would be the cost to you if you were hacked and competitors obtained this information and realigned their business strategy before you could implement?

Let’s say this same sales or marketing professional also has a client list of good paying customers along with credit card numbers and this information is stolen.  This information has a commodity value as it is easily traded in underground markets for conversion to cash or equivalents.

There is also value in your ability to just being able to access your own information aka availability. For example, imagine if one day you go to accept a payment from a customer and are unable to do so as your computer is locked and demanding you to pay a ransom.  Your ability to access to your own systems has a huge value on your business.

So what is a good first step here for a small business?

My first suggestion is to know what information is most valuable to your business and where it is; just knowing what that information is a big first step. Second, is understanding if there is any regulatory requirements the information your business holds.  For example many health professionals such as Doctors and Dentists have requirements concerning patient health records.   Having a plan on how you are going to handle and protect that information is important to your business.

The third step is how that information is being utilized stored and managed. From my observations of many small businesses, especially startups, have information in multiple locations or mixed with personal information. Small business people would benefit by separating the business from personal information to limit potential attacks spread should they occur.

For example, a small business owner has business accounting records on a personal computer which is also used for pleasure. The owner an avid gamer, downloads “free” games from the internet for personal use after work. In this common example, the games contain malware which later delete customer records for accounts receivable which has a direct impact on the business owner’s ability to collect receivables with a direct impact to the bottom line.

You have provided us with some good examples and tips, what else can I do protect my business information?

Next, come up with a plan with how you are going to protect this information. For some business owners this is very simple and low cost effort. We will discuss this in next week s discussion.

Can you recap what we have learned here today?

  • Know what information is critical to your business and the value to an outsider.
  • Understand and regulatory requirements for data you manage.
  • Known where your business information is stored.
  • Limit mixing personal use on computers intended for business.
  • Understanding the basics of information Security which are Confidentially, Integrity and Availability.
  • Begin the steps to develop a simple plan on how you are going to manage and protect your business information.


The author can be reached at

All rights reserved, Copyrighted work by William Tucek. Registration date: October 01, 2017 – 12:50 PM , Copyright number: IBGH-ATPD-OKMS-ENOM

This entry was posted on Wednesday, October 4th, 2017 at 2:08 pm and is filed under Blog. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.