
5 Questions to Avoid Getting Lost in Cybersecurity for Small Business

The world of cybersecurity can be scary at times, and it’s often confusing for many small business owners, who face questions like “Where do we start?”, “What do we need?” and “What are we already doing with our data?”

Here are 5 questions to help you assess your needs and priorities.

1. What cybersecurity regulations do you have to comply with as an organization?


  • HIPAA – Healthcare providers
  • PCI – Organizations processing credit cards
  • GLBA – Companies that offer consumers financial products or services like loans, financial or investment advice, or insurance
  • DFARS – Contractors or subcontractors providing a good or service to the DoD, whether directly or through an upstream provider
  • State-level – NYS DFS, Ohio Data Protection Act, S.C. Insurance Data Security Act, Mass. 201 CMR 17, etc.

Understanding the regulations you need to comply with will help you know which security framework you need to apply. Security frameworks are a common approach to applying security to your business. Different regulations or industries have adopted different frameworks as their standards for cybersecurity.

2. If you were to be audited tomorrow, what red flags do you think the auditor would find?

Audits happen, and often businesses are not prepared. Audits can happen after a security event occurs and can be part of the insurance or legal process. Or audits can happen as part of annual compliance validation. Either way, understanding the audit process and how you will handle it is important to being successful with your cybersecurity approach.

Additional tip: You should assess the time it will take to prepare and complete your audits and who on your team is tasked with the duties of the audit. This could require several members from your team. If you don’t have a team, reach out to the ChatFortress team to discuss how we can support you.

3. If a determined hacker tried to breach your network, are you confident that your people, processes, and technology could effectively fight back?

What you want to think about here is: how do you detect a breach? How do you respond to that breach? What are the response times and recovery times associated with these activities? Many companies are falling short in the detection and response categories. This means you don’t know which parts of your networks or data are under attack or for how long you have been exposed.

4. What area do you think you have the most deficiencies when it comes to cybersecurity?

This is just a general question to get you thinking. You clearly have some concerns or worries about your data security or exposure because you are reading this article. So what has caused this concern? Is it because a company you work with or know has been compromised and experienced a loss, and you have similar workflows?

Most companies already know things they are doing every day that are risky. What are those activities and why are you concerned now?

5. It’s best practice to have a fresh security assessment performed after significant changes to technology or the business such as acquisitions or mergers. Have you had any such changes recently?

Companies are always changing or adding new software and systems to their workflows. However, when we are busy dealing with change, it’s hard to take a moment to review how these changes impact your data security systems.

Cybercriminals will often exploit simple things within your system, such as folder permissions left incorrectly set so that the world has access to your data in the cloud. This is a common one for people who are using cloud-based services like Amazon S3.

If you have not reviewed your risk recently from the hacker's perspective, you can easily complete a free Cybersecurity report card at This will provide you with an understanding of your current vulnerabilities and how you can remediate them.

Who is ChatFortress

ChatFortress is a leading cybersecurity company that is helping small and medium-size companies protect themselves from hacking attempts by using Cybersecurity AI, gamified cybersecurity awareness programs and virtual security analysts. Our goal is to help you create a cybersecurity-aware culture.

ChatFortress Email Guardian is the Ultimate Anti-phishing Program as it Detects and Mitigates Email Phishing Attacks in 3 seconds using AI Real-Time Inbox Scanning for Phishing Prevention!

Discover secrets to social engineering scams hackers use to steal your data and money with the 7 Day Cybersecurity Crash Course

The ChatFortress Free 7 Day Cybersecurity Crash Course will give you cybersecurity insider secrets on how to protect yourself from hackers. The 7 Day Crash Course is one email a day for 7 days and will cover password cracking skills, social engineering scams, how to detect phishing emails, how to protect yourself from attack and current threat trends. Sign up today to unlock these insider secrets.