How much should you budget for cybersecurity?

While establishing an IT budget is important, your cybersecurity budget might be even more important. This expenditure should be completely separate from your main IT budgeting, and it should be taken very seriously.

Cyber attacks are more frequent than ever, and if you’re hit by one it could be a disaster for your business. While losing productivity is, of course, bad, there’s far more at risk here, including potential legal consequences if you’re in a field with highly regulated data protections like health care or finance. Your clients are depending on you to keep their information safe and if you can’t, then your company will suffer.

How much should you budget for cybersecurity?

If you’re not sure how much you should be placing into your cybersecurity budget, then you may want to look to your competitors. Your goal should be for your budget to exceed theirs. This makes them a more likely target than you because cybercriminals like easy money.

For those who are new to cybersecurity, a good rule of thumb is to spend 10-15% of your IT budget on these preventative measures. However, there are different levels of cybersecurity, and your needs will depend on the reach of your business and your industry. Let’s talk about these levels so you can decide what you really need to keep your data safe.

The many levels of cybersecurity

Level 0 - Anti-Virus

Cost: $0-$5 per month per user

At the very least, every one of your machines should have a proper antivirus program installed. If you have an IT team that handles the management of your devices, then this is likely already in place. However, if you’re just getting started and your staff is very small, then you may need to take care of this yourself.

Level 1 - Basic

Cost: $20-30 per month per user

Once your business begins to establish itself, you should start putting a real cyber security plan in place. While most people think that their files will be compromised due to hacks, the reality is that in many cases it’s the business’s employees who let these attackers in. Make sure to have these protections in place.

  • Spam Filter

A good spam filter keeps malicious phishing emails out of your inboxes. This keeps employees with little technical knowledge from falling for common scams that steal your valuable login information, giving hackers direct access to your files.

  • Web content filter

Everyone browses the web at their job, but many of them don’t understand that some sites they visit could endanger the entire network. A content filter rejects these pages and keeps you safe from malware that can infect your files.

  • Managed firewall

While similar to what you’d get on your home computer, a managed firewall is a serious step up in security. Managed firewall services are handled by outside companies that are experts in cyber security. They keep tabs on the web traffic entering your network and you’ll be alerted if anything fishy is going on, stopping potential security threats in their tracks.

  • Managed backups

Even with the best security, you can still end up getting hacked through an unknown vulnerability. Keeping professional backups means that you can more easily recover from an attack if it does happen. These backups should be onsite and offsite to provide the best options when security is compromised.

Level 2 - Moderate

Cost: $30-$60 per user per month

The bigger you get, the more security you need. For a moderately sized business, you should make sure that you have these data protections in place in addition to the basic protections.

  • Multi-Factor Authentication

This allows for more secure logins to prevent unauthorized access. Users will be asked to verify using more than one credential before being allowed to log in. An example would include entering a username and password, but then also a PIN number that only they would know.

  • Cyber Risk Assessment

This assessment is performed by an outside company. They will identify any potential security risks in your systems and processes and create a plan to make your company’s network more secure. The cost for this starts at around $10,000 but it can be invaluable in creating a better security plan as your company grows.

  • Disaster recovery plan

In addition to creating a barrier to keep attackers out, you should also have a recovery plan in place. This includes planning how to get all of your systems back online, your data back in place and shutting out attackers if they do manage to get in.

  • End-user policies

Establish an end-user policy to inform employees what their responsibilities are in protecting corporate data.

  • End-user security training

A company is only as strong as its weakest link. Spend the time and resources to train your staff on proper security protocols to avoid phishing attempts.

Level 3 - Advanced

Cost: $60-$100 per month per user

  • Disk encryption

Encryption keeps your data private. Even if an intruder does gain access, they won’t be able to read encrypted disks.

  • Application Whitelisting

By only allowing specific programs to run on your network you can prevent malicious software from accessing your files. Whitelisting makes it so only authorized software can make changes or run.

  • Intrusion Detection System

This software monitors the network for malicious activity so that it can be stopped quickly. Much the way your home security system tells you if someone is in the house who shouldn’t be, intrusion detection tells you who’s on your company’s network who shouldn’t be.

  • Managed Security Operations Centre

A managed security provider can provide insights into your security. It also takes a ton of work off of your plate when it comes to managing protocols and looking for intruders.

  • Mobile Device Management

Mobile devices are an unexpected way for attackers to gain access to your network. By implementing rules for usage you can protect unsuspecting users and their phones from malicious software.

Level 4 - Total

Cost: $150-$200 per user per month

  • Log Collection (SIEM)

Collecting security logs which you can then analyze to find patterns leads to better cyber security. This can help you to figure out if employees are actually following protocols or where there are vulnerabilities in the system.

  • Endpoint Detection and response

This software helps to identify weak points in the network, and it can help you to squash any issues before they become a problem.

  • Network access control

Device compliance is key to network security. By having strong controls in place you can deny access to devices until they are up to par, preventing many security threats.

  • User Behaviour Analytics

Some threats may actually be coming from inside your system and user behavior tracking allows you to find those threats. It can identify patterns which it deems malicious.

For more information on cyber security, visit the Australian Cyber Security Centre or call Greenlight for an assessment.