Microbusiness Cyber Essentials (MCE)
Enterprise cybersecurity solutions are expensive and require technical expertise, which makes them impractical for microbusinesses (0-9 employees). Managed Service Providers (MSPs) can provide IT and cybersecurity for significantly less money than an enterprise solution but costs still add up quickly-- $150 per month per user or device for bundled IT and security services would not be unreasonable.
For many microbusinesses—and even some small businesses—that cost is simply too high. The result is a huge number of businesses without adequate protection, vulnerable to ransomware, spyware, malware, and other forms of cybercrime.
When a business grows to a certain size or reaches a certain revenue stream, hiring a MSP starts to make a lot of sense. I hope your business reaches that point! But until then, you still need cybersecurity and it needs to fit your budget, your workflows, and your time constraints.
Existing Solutions Don’t Quite Fit
There have been attempts to help microbusinesses improve their cybersecurity posture. A notable example is the Cyber Essentials program from the UK National Cyber Security Centre (NCSC). Unfortunately, Cyber Essentials is only available to businesses in the UK, and it hasn’t been meaningfully updated since 2014. As a result, it does not adequately address several modern threats that have emerged over the last decade.
In the United States, the closest equivalent is the Cyber Readiness Institute’s Cyber Readiness Program. While well-intentioned, it is incomplete and assumes cybersecurity will be managed by an employee with existing IT knowledge who takes on security in addition to their regular job. It is not designed for microbusinesses, where that assumption simply doesn’t work.
Some Good News
Cybersecurity for microbusinesses does not have to be bleeding edge to be effective.
The NCSC estimates that microbusinesses that focus on cybersecurity fundamentals--and do them well--are 92% less likely to file a cyber insurance claim. That's really good news! Even better: those fundamentals don't have to be expensive.
Introducing Microbusiness Cyber Essentials (MCE)
Because NCSC's program is both outdated and limited to businesses in the UK, and because there aren't any practical alternatives for microbusinesses here in the United States, Blue Smoke is launching Microbusiness Cyber Essentials (MCE) to help solopreneurs and microbusinesses find the balance between comprehensive security, convenience, and cost, that fits their workflows and budget.
The program will be offered in the following three tiers, and rolled out in phases. Be sure to sign up for the newsletter to hear about updates as they launch.
MCE: Core
MCE: Core covers seven foundational categories of security that can dramatically reduce the likelihood of becoming a victim of cybercrime—or reduce the impact if the worst happens.
- Account management
- Malware protection
- Update management
- Backups
- Networking (firewalls and VPNs)
- Secure configuration of accounts, services, and devices
- Threat awareness
Implementing MCE: CORE means that your computers, devices, and cloud services are secured, your accounts are secured, your network is secured, critical data is backed up, systems are kept up to date, malware is actively checked for, and you’re informed about emerging threats and trends that may affect your business.
MCE: Plus
MCE: Core provides a strong foundation, and on its own it will significantly reduce your risk, but there are ways to improve your security even further while still keeping cost down.
MCE: Plus builds on Core by enhancing network security, developing clear procedures to follow when malware or cybercriminals strike, and increasing your security awareness by providing tailored guidelines for how to respond to common situations, such as:
- Receiving a PDF attachment
- Getting an alert to reset an account password
- Handling suspicious emails or messages
MCE: Pro
Businesses that complete MCE: Plus have strong account, device, and network security. They manage updates and backups properly, and they have written checklists for responding to incidents and reducing risk during everyday tasks.
At this point, they’re doing very well.
MBE: Pro is designed to make them as secure as possible without the cost of a full MSP. It introduces:
- Monitoring and alerts
- Secure remote access and conditional access policies
- Testing backups and response procedures
Phases
Blue Smoke will roll out MCE in phases, with the goal of doing each stage thoroughly before moving on to the next.
Phase 1: MCE: Core Library
Phase 1 focuses on building a free knowledge base covering all MCE: Core topics. This will include informative articles, how-to guides, and instructional videos. This phase is designed to give microbusiness owners the knowledge needed to implement MCE: Core on their own.
As a fellow microbusiness owner, I understand how valuable your time is—and how expensive running a small business can be. Phase 1 prioritizes minimizing monetary cost, but at the expense of your time. You’ll implement the controls yourself, but the Core library will always provide free resources to help you.
This can seem like a lot, but don't be intimidated! Security is a process, not a product. You don’t have to do everything at once. Implementing MCE: Core gradually, a few small steps at a time, can have a large cumulative impact.
Phase 2: MCE: Core Services
In Phase 2, Blue Smoke will begin offering services to help businesses implement MCE: Core. In-person services will be available for those locally or willing to cover travel costs, and remote services will be available for everyone.
Financial costs will increase in this phase, but Blue Smoke will handle the tedious, time-consuming work.
Phases 3 and 4 : MCE+
Phase 3 provides the Microbusiness Cyber Essentials Plus (MCE+) Library and how-to guides, and Phase 4 will include in-person and remote services for MCE+.
Phases 5 and 6: MCE: Pro
In Phase 5 we will introduce the Microbusiness Cyber Essentials Pro Library and guides, and in Phase 6 we will offer services for MCE: Pro.
Timeline
Microbusiness Cyber Essentials is an on-going project that is constantly being developed. We are currently in Phase 1 so check out our library and sign up for the newsletter to get updates as things become available.