CRI Advantage
  • ServiceNow
        • Consulting and Implementation
        • NowAdvantage
        • ElevateNow
        • ServiceNow Products
          • IT Service Management
          • IT Operations Management
          • IT Asset Management
          • Field Service Management
          • Security Operations
          • App Engine Studio
          • Customer Service Management
          • Strategic Portfolio Management
          • Governance, Risk, and Compliance
          • HR Service Delivery
          • Now Assist
          • AI Control Tower
          • AI Agents
  • AI Solutions
  • Industries
        • Energy & Utilities
        • Financial Services
        • Healthcare
        • Logistics
        • Manufacturing
        • Public Sector
        • Service Providers
        • Telecom, Media, & Technology
  • Blog
  • About Us
    • Leadership Team
    • Our Clients
    • Resources
  • Careers
  • Contact Us
  • Menu Menu

Where does a Small Business Start with Cybersecurity – Part I

Where does a Small Business Start with Cybersecurity – Part I

Where does a small business start with cybersecurity? Cybersecurity is a vital component of any small business strategy. However, it may feel overwhelming if you’re just starting the process of securing your business’s data. This post is the first in a series to help small businesses challenged with securing their organization and services.

Searching through the volumes of information on the Internet, I encountered many suggestions, recommendations, guidelines, and steps on those first steps. While all excellent places to begin, I am going to start with no-cost and foundational recommendations.

Where Does a Small Business Start with Cybersecurity?

Today, we’re going to focus on the importance of establishing a cybersecurity owner for your business. This individual needs to be at the executive level and must be accountable for the business’s cybersecurity.

2. Understand Why a Small Business Needs a Dedicated Cybersecurity Owner

The reasoning is straightforward. Every business is different, and cybersecurity goals, components, tools, and methods needed to secure the business will vary and change as a company matures and evolves. What is needed to secure your business is a unique question to be clarified and answered. Like all nebulous tasks and projects without an owner, nothing will be achieved without an owner who can drive and maintain the program. A singular, accountable owner must be assigned to address and promote this answer for the business.

Designating an executive as the owner is the first fundamental step in resolving the question.  Without a clear owner, no security or compliance effort will be taken seriously, and no progress or success realized. Every action and project will be seen as flaying with whack-a-mole responses to incidents and breaches. I explicitly state an Owner must be an executive and not necessarily dedicated cybersecurity professional.

“Securing the business” is not a singular task or project. It is a strategic and tactical process that changes as the business grows and matures. A Non-manager or Individual Contributor will not have the experience nor knowledge to understand the requirements of securing the business. This choice makes as much sense as having an entry-level engineer manage the strategic direction of a critical Development organization. The Owner must have a companywide understanding of the business, goals, organizations, assets, and essential components/data.

For Small and Medium-sized Businesses (SMB), it is very real not to have a designated or dedicated owner for cybersecurity and little to no cyber expertise on staff. A natural progression is to add on or expand the duties/job description of an existing Information Technology (IT) resource to include cybersecurity.

3. A Small Business Can Use Existing IT Personnel to Manage Cybersecurity.

This choice is a well-trodden path filled with missteps and hazards.

Although it seems logical to designate the IT Manager/Director/CIO as the Cybersecurity Owner, they may not have visibility or awareness of non-IT areas across the entire business and organization to understand what, where, and how services need to be secured. Yet, while IT could be a fallback choice, and often is, IT is focused on technology issues, solutions, and remediations which means they do not prioritize non-IT cybersecurity risks and issues.

I recommend designating your CFO or accounting executive as the Initial Cybersecurity Owner since they know where all the fiscal bodies are buried. Every CFO must know and understand what, where, when, who and how company funding and expenditures are being made and spent. They are familiar with critical assets, risks, compliance, commitments, goals, and business growth. This comprehensive knowledge is vital in the initial creation and establishment of a Cybersecurity program.

It’s important to note I am not suggesting the CFO should or needs to be the final and ongoing owner of cybersecurity but they are the reasonable choice for initial ownership. The CFO has significant “skin in the game” with respect to the success and failures of the company’s cybersecurity program.

Cybersecurity ownership progression may be a rapid and logical transition of ownership from CFO to CIO/CTO to CISO as a business matures the security posture of its resources, requirements, commitments, and challenges.

One of the first steps of this cybersecurity ‘owner’ should be to establish a cybersecurity budget. Below is a link to my budget template to help you get started.

Click to Get the FREE Cybersecurity Budget Template

Now that you know the steps to take your small business can get the best start to strong cybersecurity practices. We hope our template is of use and our CRI CyberADVANTAGE is available to provide Advisory and Consulting Services.

Share This Post

  • Share on Facebook
  • Share on X
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail

More Like This

Workers In Office Looking At Technology

Uncovering the ServiceNow Zurich Release: What You Need to Know

CRI
https://criadvantage.com/wp-content/uploads/2025/10/Workers-in-office-looking-at-technology.jpg 1250 2000 Abstrakt Marketing /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Abstrakt Marketing2025-10-09 12:47:452026-04-02 09:00:59Uncovering the ServiceNow Zurich Release: What You Need to Know
A Beginner’s Guide To Agentic Ai

A Beginner’s Guide to Agentic AI

CRI
https://criadvantage.com/wp-content/uploads/2025/07/A-Beginners-Guide-to-Agentic-AI.jpg 1250 2000 Abstrakt Marketing /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Abstrakt Marketing2025-07-08 06:41:372026-04-02 09:01:03A Beginner’s Guide to Agentic AI
Smiling Male Employees Discussing Cooperation Planning

How ServiceNow Supports Scalable IT Solutions for Growing Businesses

CRI, Scalability
https://criadvantage.com/wp-content/uploads/2025/04/Smiling-male-employees-discussing-cooperation-planning.jpg 1250 2000 Abstrakt Marketing /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Abstrakt Marketing2025-04-04 09:19:322026-04-02 09:01:04How ServiceNow Supports Scalable IT Solutions for Growing Businesses

5 Signs Your Business Needs a Virtual CISO

Cyber Security
https://criadvantage.com/wp-content/uploads/2024/12/Blog-Format-16-1-1.jpg 800 1200 Nate Riggins /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Nate Riggins2024-06-25 18:20:492026-04-02 09:01:095 Signs Your Business Needs a Virtual CISO
CRI wins servicenow partner award

CRI Advantage Honored as ServiceNow’s Consulting and Implementation Partner of the Year – Premier Segment, Americas Region

CRI, Press Releases
https://criadvantage.com/wp-content/uploads/2024/12/ServiceNow-Partner-Winner-Cover.png 800 1200 Nate Riggins /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Nate Riggins2024-02-28 19:14:082026-04-02 09:01:09CRI Advantage Honored as ServiceNow’s Consulting and Implementation Partner of the Year – Premier Segment, Americas Region
romance scams

2024 Valentine’s Day Scams

Cyber Security
https://criadvantage.com/wp-content/uploads/2024/12/Blog-Format-16.jpg 800 1200 Nate Riggins /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Nate Riggins2024-02-14 04:50:572026-04-02 09:01:102024 Valentine’s Day Scams
Top 5 Cybersecurity Predictions for 2024

Top 5 Cybersecurity Predictions for 2024 

Cyber Security
https://criadvantage.com/wp-content/uploads/2024/12/Blog-Format-13-1-1.jpg 800 1200 Nate Riggins /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Nate Riggins2023-12-01 00:30:482025-01-09 12:53:30Top 5 Cybersecurity Predictions for 2024 
Press Release: CRI Advantage Achieves Recertification for ISO 27001:2022, ISO 9001:2015, and ISO 20000-1:2018

CRI Advantage Achieves Recertification for ISO 27001:2022, ISO 9001:2015, and ISO 20000-1:2018 

CRI, Press Releases
https://criadvantage.com/wp-content/uploads/2024/12/Press-Release-1-1.jpg 800 1200 Nate Riggins /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Nate Riggins2023-11-21 22:10:542025-01-09 12:56:57CRI Advantage Achieves Recertification for ISO 27001:2022, ISO 9001:2015, and ISO 20000-1:2018 
blackfriday cybersecurity scams

Navigating Cyber Monday Deals Safely in the Face of Top Cybersecurity Scams

Cyber Security
https://criadvantage.com/wp-content/uploads/2024/12/Blog-Format-12-1-1.jpg 800 1200 Nate Riggins /wp-content/uploads/2024/11/CRI-Logo-Transparent.-blue.png Nate Riggins2023-11-21 21:48:232026-04-02 09:01:10Navigating Cyber Monday Deals Safely in the Face of Top Cybersecurity Scams
Previous Previous Previous Next Next Next

Categories

  • Agentic AI
  • AI Solutions
  • Board Member
  • CMDB
  • CRI
  • CSM
  • Cyber Security
  • Digital Transformation
  • Events
  • Generative AI
  • Human Resources
  • IT Staffing
  • ITOM
  • ITSM
  • Miscellaneous
  • Podcasts
  • Press Releases
  • Scalability
  • ServiceNow
  • ServiceNow Releases
  • Software as a Service
  • TPSM
  • vCIO
  • vCISO
  • Webinars
Cri Logo Transparent. Blue

ServiceNow IT solutions tailored to your industry-specific needs.

Learn More

Stay Connected

Youtube (1)

Reseller Partner Of The Year Americas Specialist  Ci Partner Of The Year Americas  Validated Practice Badge ItsmCsm Badge Elite White 2593f49e1d

What We Offer

ServiceNow Solutions

AI Solutions

IT Solutions

Industry Solutions

Contact Us

520 Energy Place
Idaho Falls, ID 83401

(208) 343-9192

[email protected]

Website by Abstrakt Marketing Group ©
  • DCAA COMPLIANT | DOD TS & DOE Q FCL | CAGE CODE: 1HBW0 | DUNS: 608143277
  • Privacy Policy
  • Sitemap
Scroll to top Scroll to top Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

AcceptLearn more

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Accept settingsHide notification only