
How to Build a Cybersecurity Plan to Protect Your Business

Small businesses are not immune to cybersecurity attacks like ransomware and phishing. Any business that has sensitive data like personal information, financial data, customer information or trade secrets can become the target of an attacker. In fact, small businesses can be even more attractive targets than large ones, since attackers know they often lack the security expertise and infrastructure that larger businesses have.

Why Your Business Needs a Cybersecurity Plan

The continued existence of your business depends on an effective cybersecurity plan. Although almost half of attacks target small businesses, many have not prioritized cybersecurity enough to create a plan for preventing or responding to an attack. A 2021 CNBC survey found that 59% of small business owners were confident they could resolve an attack quickly, yet only 28% of them had an incident response plan in place. That is a huge but avoidable risk: with the typical cost of a data breach for a small business around $200,000, a single incident can put the very existence of your business in jeopardy.

Elements of a Holistic Cybersecurity Plan

Your cybersecurity plan needs to cover every element of managing and minimizing cybersecurity risk. Effective plans ensure you are ready to maintain the confidentiality, integrity and availability of critical information and business systems. Proper planning also recognizes that there is no one-size-fits-all approach to managing cyber risk; each business has unique characteristics and your cybersecurity plan needs to reflect your specific requirements. Many small businesses are even subject to the same legal and regulatory requirements as large businesses, like HIPAA, PII, FINRA and others.

The National Institute of Standards and Technology (NIST) has published a framework that can serve as a roadmap for developing your plan. The framework organizes cyber preparation across five functions: Identify your risks and requirements; Protect against attacks; ensure you can Detect all forms of attacks; create the ability to Respond to breaches; and establish a plan to Recover in the event of a successful attack. Critical steps within each of these categories include:

Readiness (Identify)

  • Assessment: Determine the current state of your environment, cybersecurity program and cybersecurity risk.
  • Policy Development: Create policies based on industry guidelines and best practices, reaching across both the traditional IT environment and business operations.
  • Vulnerability Assessment and Penetration Testing: Identify exploitable issues that should be prioritized for remediation.
  • Training: Give your organization the knowledge and tools to follow security best practices.

Proactive Protection

  • Extended/Endpoint Detection and Response (X/EDR): Deploy next-generation anti-virus solutions to actively monitor endpoints for indicators of both well-known and emerging threats. Respond to identified threats at the point of attack, while also elevating detection and protection by correlating this activity into a central security management platform (known as a Security Information and Event Manager, or SIEM).
  • Remote Monitoring and Management (RMM), including Patch Management: Know the state of devices on your network across your endpoints, servers, cloud, IoT and critical infrastructure, and identify exposures as early as possible. Enable control of your endpoints and rapid response to mitigate security threats. Ensure that machines receive the latest updates to prevent attacks against outdated software. Link this status information and response capability to a SIEM for the highest level of threat detection and mitigation.
  • Firewall Integration: Control network traffic and block suspicious connections, while feeding status and activity information to a SIEM for threat correlation.
  • Protective DNS (PDNS): Filter out traffic to or from domains associated with phishing, malware and command-and-control infrastructure. Apply PDNS to servers, firewalls and endpoints.
  • Zero Trust: To elevate protection, configure network devices, applications, and even people so that they are never trusted by default and are always verified before getting access to corporate data or services.

Threat Detection and Response

  • Security Information and Event Management (SIEM): The heart of a comprehensive security architecture, a SIEM detects and correlates indicators of threat activity across your entire environment (endpoints, servers, cloud, network infrastructure) through signature matching, machine learning and artificial intelligence.
  • Security Orchestration, Automation and Response (SOAR): Provide real-time automated threat mitigation, response and notification based on findings in the network. Cut many response times from days to minutes with machine-driven automated response capability that never sleeps.
  • 24×7 Security Operations Center (SOC): Monitor systems day and night, provide notifications, and be ready to perform threat hunting, analysis and investigation in case of an incident.

Recovery and Restoration

  • Backup: Maintain frequently updated, secure copies of critical data and configurations. Ensure backups are segregated from operating data so that an attacker who compromises production systems cannot also reach the backups.
  • Recovery: Set up a documented, practical, tested procedure for restoring systems to a trusted state.

Steps of Creating a Cybersecurity Plan

Knowing the elements of a cybersecurity plan is only part of the picture. Now you need to know how to put it into action.

  1. Assess Your Current Level of Cybersecurity Protection

Before planning for the future, you need to know where you are now. Invest the time to identify your most important information and business systems, and determine what would happen if they were lost, damaged or published outside your company. Prioritize protection of the most valuable or potentially damaging assets to minimize the impact of possible cyber attacks.

Find out what security policies and tools you have in place, as well as what (if any) security visibility or monitoring capabilities you have. Do you have an incident response plan? Once you know these things, you can assess the gaps, create a new plan, and prioritize the best ways to get from your current security posture to a stronger one.

Tip: If you or your staff (including your managed service provider (MSP)) have the ability, consider running one of the free network scanning tools designed to identify network and/or web application security flaws. While not complete, these will give you a good ‘first look’ at what vulnerabilities you may have. We still recommend that you conduct a professional risk assessment.

Here are some examples:

  • Nmap: Open-source port scanner and network mapper, available as a command-line interface or as a GUI (Zenmap).
  • OpenVAS: Vulnerability assessment tool for Linux users.
  • Acunetix: A web application security scanner that can detect over 50,000 network vulnerabilities when integrated with OpenVAS.
  • Spiceworks Inventory: A free web-based network IT asset management tool that automatically discovers network devices via an on-site agent.

  2. Implement Active Protection, Detection, and Response, with a Focus on Resiliency

NIST defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” A focus on resilience means a long-term approach to building the people, processes, and technologies necessary to recover from attacks.

Resiliency starts with a strong defense. If an attacker strikes your business, you need to be able to find them as quickly as possible, stop the attack, discover what has been compromised, and get your business back to a trusted state. This requires visibility and active protection of your environment – including your endpoints, network, servers, and cloud, and key business systems – through tools like X/EDR, as well as correlation and response through a SIEM and SOAR.

  3. Create a Robust Backup and Recovery Plan

Resiliency extends past defense to ensuring you are able to recover in case attackers are able to break through your protection. This requires a robust backup and recovery plan, one that considers your full environment including servers, endpoints and cloud.

This also means testing your backup and recovery. For example, limited download speeds can turn a restore into days of data downloads and server rebuilds. Even in a data center environment, unless you have taken the proper steps, your recovery can be far slower than you anticipate.

Your recovery plan also needs to include an Incident Response Plan. The time to plan your actions is before any attack occurs, not in the heat of the moment. The plan needs to incorporate the steps you will take if attacked, as well as the specialists, advisors and resources you need to have available to aid in response. Advance planning can dramatically reduce the business impact and cost of an attack, while enhancing the speed of your recovery.

  4. Build in Stronger Preventative Measures

Once you have built those active capabilities, it is time to build in stronger preventative measures. A strong security program has many layers, each one making it that much more difficult for an attacker to gain a foothold in your network; this is often referred to as ‘Defense in Depth.’ These layers can include enhanced and active monitoring capabilities, standards for backup systems, authentication and credential protection such as multi-factor authentication and password managers, penetration testing, and user education.

How Cyberleaf Can Help

There are many moving parts and considerations when building and tailoring a cyber protection plan in a way that fits your needs. Getting it right requires subject matter expertise and specialized resources.

That’s why, at Cyberleaf, we provide accessible, world-class managed cyber security for small and medium businesses, because we believe all organizations deserve protection from cyber attacks. We work with your existing team or MSP to provide top-tier solutions to businesses of all sizes, at an economical price through our subscription-based model. We also provide support and training from our expert staff from implementation through management and maintenance.

With Cyberleaf managing your cyber protection, you can spend more of your time and energy managing and growing your business. We can help you assess your current environment and vulnerabilities, and put a plan in place to protect your critical data and systems – one that is effective, feasible, affordable and fast. Take the first step and contact Cyberleaf today for a free no-commitment, no-risk cybersecurity risk assessment.

Jonathan Meyn

Director of Channel Sales

Jonathan is responsible for the Channel Strategy at Cyberleaf. He has over 10 years of experience in various technology solutions sales leadership roles. He has driven cybersecurity strategy and growth within the nation’s leading managed service providers.

Jonathan has a Communications Degree from Pennsylvania State University.
