We had a chance to sit down with Chris Klingenspor, SVP of Business Security & Security Risk at Equifax, to discuss how small businesses can navigate the complex world of cybersecurity.
He provides actionable tips for how every organization can build a security-first culture that makes cybersecurity second nature.
The fact of the matter is that cybersecurity threats have never been more prevalent. With COVID-19, small businesses move to digital was accelerated; however, the move was made often with little knowledge and experience of the exposure and vulnerabilities of being online. Every phone and every device connected to the internet can expose your business if you’re not prepared. In the hands of the wrong person, that exposure can lead to damage.
“Today’s cyber challenges are unprecedented,” Klingenspor said. “Regardless of the size of your company, the industry you operate in, or where you’re based, no one is immune to these threats.”
But that doesn’t mean that small businesses are doomed to constant cybercrime and data breaches. Whether it’s investing in stronger technology or better training, there are measures that every company can take to protect themselves.
Building a security-first culture
In a recent Forbes article, our COO and co-founder, Fabi Hubschmid, discussed the importance of making cybersecurity a business priority. Klingenspor says much the same. One of the first principles of great cybersecurity, Klingenspor says, is to underscore that security is the responsibility of every employee. Security must be implemented top-down to build protective measures into the DNA of all businesses.
“Set the tone at the top: CEOs, Owners, and Operators need to make it clear that cybersecurity is every employee’s responsibility,” Klingenspor said. “Prioritizing security allows you to better protect your business and build stronger trust with your customers. Creating a security-first culture isn’t easy, and sustaining that change is equally as challenging. But ultimately, it’s the right thing to do.”
Learning the fundamentals of cybersecurity
When it comes to cybersecurity, every business needs to focus on the fundamentals.
“The vast majority of cyber incidents are because of a failure of fundamentals – incidents that are completely avoidable,” Klingenspor said.
For example, educating employees on how to spot phishing emails is a difference maker and a must-have for every organization.
In her article, Hubschmid said that “using real scenarios and samples of sophisticated phishing emails, business owners can help their employees recognize the risks and understand the mitigation steps to prevent unauthorized access to company data due to human error.”
Preparation is also a key part of the equation. A cyber incident response plan, alongside these fundamentals, equips businesses and employees with the relevant information and steps needed to mitigate an incident.
“While no one can predict when these types of attacks will happen, how well-prepared businesses are is 100% in their control,” Klingenspor said. “Like in sports, you play the way you practice. At Equifax, we spend a lot of time on preparation: educating our employees, red teaming, and holding crisis scenarios. That way, we’ve built our team’s response into muscle memory.”
Collaborating and maintaining transparency
According to Klingenspor, one of the biggest impediments to large-scale progress on cybersecurity is that most organizations are hesitant to speak publicly about cybersecurity, so they don’t speak up and collaborate.
“No one entity – a single business or a government agency – can win in cybersecurity by themself,” Klingenspor said. “We all must share best practices and knowledge to build up best-in-class protection. Partnership is the only way to truly keep businesses and communities safe.”
Companies, particularly those with more mature security capabilities, Klingenspor says, should speak up and share best practices: what’s worked, what hasn’t, and bring new ideas to the table.
“At Equifax, we’ve held security summits with our customers to speak openly about security and privacy; we’ve advocated for Members of Congress to adopt stronger cybersecurity legislation; we’ve held hundreds of ‘lessons learned’ briefings to give a helping hand to other organizations,” Klingenspor said. “Transparency is our standard.”
Leveraging the strengths of others
Cybersecurity is a team sport. There are so many vendors and third-party capabilities that are focused specifically on helping protect businesses – both large and small – and secure their information from cyber attacks.
“If you can’t build strong cybersecurity capabilities in-house, leverage the tech capabilities of others,” Klingenspor said. “There are great service providers out there who already have best-in-class security built-in and excel in areas like cloud security, fraud monitoring, and antivirus protection. Things that may seem elementary – like selecting secure providers for email or CRM platforms or point-of-sale devices – matter big time regarding cybersecurity. Even for a security program as large and sophisticated as ours, we also lean on the expertise of third-party providers in a host of areas across our environment.”
However, small business owners must know that third-party vendors add an additional endpoint.
“It is important to conduct a detailed assessment of the vendor before engaging with a new third-party,” Klingenspor said. “And you need to be sure to monitor their performance and security over time.”
Solutions like Markaaz, an all-in-one platform to help small businesses interact with suppliers and vendors verified to the highest standards, help companies mitigate risk and reduce their exposure.
Make cybersecurity a priority
Building a security-first culture, learning the fundamentals of cybersecurity, collaborating and maintaining transparency, and leveraging the strengths of others are the building blocks small business owners can use to protect their company from cyber threats.
“Take the necessary steps to secure the data you’re entrusted with,” Klingenspor said. “Embed security into the products you sell… train your employees in cybersecurity… set the tone at the top of the organization that security matters. Doing the right thing should be the expectation for every company.”
We appreciate Chris Klingenspor’s time and insights on cybersecurity, as part of our expert series. Learn more about Markaaz’s mission to support the growth of small businesses everywhere. Check out how Markaaz can help your business today.
Markaaz is the world’s first platform to enable verification, monitoring, and payments while connecting small businesses and the network of partners that support them. Through the Markaaz Directory of pre-verified businesses, an all-in-one Dashboard with integrated tools and resources, and a user experience supported by AI, Markaaz delivers accessible and affordable solutions to empower small businesses like never before. Recognized internationally by the World Economic Forum as a Global Innovator, founded by a team of world-class executives and advisors who have done this before, and in collaboration with strategic partners, Markaaz is driving equitable and inclusive solutions for small businesses around the world.
At Equifax (NYSE: EFX), we believe knowledge drives progress. As a global data, analytics, and technology company, we play an essential role in the global economy by helping financial institutions, companies, employees, and government agencies make critical decisions with greater confidence. Our unique blend of differentiated data, analytics, and cloud technology drive insights to power decisions to move people forward. Headquartered in Atlanta and supported by more than 11,000 employees worldwide, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe, and the Asia Pacific region. For more information, visit Equifax.com
About Chris Klingenspor
Chris Klingenspor is SVP of Business Security & Security Risk at Equifax, overseeing the company’s governance, risk, and compliance initiatives. He previously served in leadership positions at Visa and IBM.