In 2020, RIS had the opportunity to collaborate with a small business specializing in delivering a SaaS product that catered to a select but dedicated customer base. The proactive business owner was keenly aware of the evolving cyber threats and reached out to RIS to assess and bolster the organization's security posture. The engagement kicked off with a comprehensive risk assessment focused on identifying critical information systems and evaluating the existing security controls.
Assessing this small business was a unique experience as it quickly became evident that the owner had a keen understanding of the importance of cybersecurity. Unlike many small businesses, two-factor authentication (2FA) was not just an option but a standard across the board. Audit logging mechanisms were robust and meticulously configured, offering deep insights into system activities. Capacity planning occurred regularly. Cryptographic controls were implemented expertly, securing data at rest, in transit, and during processing. It was an impressive setup that demonstrated the owner's commitment to security, making it an uncommonly smooth assessment.
Despite the laudable security infrastructure, one area of potential vulnerability emerged: key-personnel risk. Given the very small size of the business, the loss of specific skilled staff could result in significant operational disruptions. RIS laid out several options for mitigating this risk, including cross-training and automated fallback procedures. However, the owner made an informed decision to accept this risk, citing the tightly knit nature of his team and the contingencies he had personally put in place.
This engagement with the small SaaS web-app business was among the more straightforward projects for RIS, primarily because of the client's proactive approach to cybersecurity. It underscored the value of security awareness and preparation, elements that are often overlooked in small businesses.