All businesses must pay the price

Whether you are the CEO of IBM or a one-person e-commerce startup, the security of your IT infrastructure is imperative for the sustainability of business operations. Unquestionably, small to medium-size businesses (SMBs) and large enterprises function on different levels. One factor that they have in common, however, is paying the price for keeping their data and network secure from all forms of cyberattack. The difference between corporations and SMBs in this regard? Google thinks nothing of spending millions of pounds securing their technology. SMBs, on the other hand, don’t have a bottomless pit of money and human resources to fall back on.

It’s a known fact that SMBs are increasingly falling prey to the antics of cybercriminals. Hackers are fully aware that small businesses are limited to a tight budget and have less in-house IT expertise than their corporate counterparts. Moreover, SMBs often have contracts with large companies that provide inventory and services and store sensitive data of their suppliers on local servers. Cyber crooks know this too and use SMBs as a backdoor to access the critical information of corporations. 

The price needn’t be sky-high 

As the owner of an SMB, you acknowledge that sensitive data must be secured and the cost thereof factored into your yearly budget. The good news for SMBs is that the price for network security needn’t be sky-high, even for companies with significant financial constraints. Also, you can save money without cutting corners on the integrity of your precious technology systems. 

Too often, SMBs cut the wrong corners to save money on IT security. They adopt the break/fix mentality, only relying on expensive on-call engineers to get business up and running when things break. This approach is costly and time-consuming; we all know the negative impact of downtime on revenue, client retention and company reputation.

Making the right choices for your IT security not only means that you’ll save a bundle, but you’ll have a network that is reliable and protected from cyberattack. There are several ways in which you can take a smarter approach to security: prioritise, enforce, educate, migrate and be realistic.

Prioritise 

Your business has unique, critical assets that underpin all critical operations. You need to ascertain exactly what these assets are, seeking the help of knowledgeable staff, focused team members, and outside consultants. Contemplate these questions for a moment: 

  • The loss or theft of which company data would spell catastrophe for your operations?
  • If your network was compromised, what is the expected duration of downtime and limited business functioning?
  • Which potential threats and vulnerabilities pose a consequential risk to your company and clients?

A good start would be to focus on the most likely risks, not the theoretical, ‘what if’ or ‘it could happen’ potential threats. Asking and answering the above questions honestly and comprehensively will give you a complete perspective on the state of your IT infrastructure. Using this, you and your IT team can decide how to intelligently deploy available security resources.

Enforce 

Most SMBs have policies in place that provide guidance, direction and protocol for workplace behaviour with respect to network and systems access and use, and, most importantly, data protection and security. Unfortunately, they also make the mistake of not enforcing these policies, and consequently the company IT infrastructure is at risk from inappropriate employee usage. Your IT policy needs to be rigorously and proactively managed, and updated regularly in order to encompass new technologies and cultural shifts. For example, a procedural document created prior to the days of Facebook, Twitter, Instagram or LinkedIn is not current and does not apply.

A wise strategy is to appoint a representative to manage and enforce such a policy. Ideally, this could be an IT department team member, although an executive would work just as well. This individual should train and inform staff about good practices pertaining to network and data security. Your employees should be aware that your IT security procedures were not documented merely to be shelved. They must be held accountable if they fail to adhere to the policy. In these times of BYOD (Bring-Your-Own-Device), it is paramount that employees acknowledge what can and cannot be done using personal technology for work purposes. 

Educate 

The person assigned to managing your IT security policies should take responsibility for providing end-users with training and support. Countless security breaches stem from employees being oblivious to cybersecurity threats. Breaches occur when employees fail to recognise phishing schemes, use weak passwords, open email attachments from unknown senders and do not exercise caution when accessing public Wi-Fi networks on BYOD technologies. All these vulnerabilities can be significantly reduced with appropriate education and instruction.

Migrate 

SMBs are increasingly opting for cloud computing and virtualisation, as running in-house servers proves costly, especially for start-ups. The cloud enables small to medium-sized businesses with limited financial and human resources to take advantage of storage and network capabilities, scalable on-demand as a business grows. The advantages of switching to a virtual environment are plentiful: reduced spending, easy backup and disaster recovery (DR), improved business continuity (BC) and an efficient means of operating and maintaining your IT infrastructure.

A major plus of using a cloud operator is that they will have built-in, inclusive security features. This immediately removes the stress of your IT engineers having to maintain your IT security. In a nutshell, leveraging the cloud means your SMB can cut costs while strengthening the security of your network. 

Your local Managed Service Provider (MSP) will have the knowledge and expertise to recommend a cloud and virtualisation solution to match the needs of your SMB. You can outsource most of your IT security burden to the MSP who will provide remote monitoring, timely maintenance and apply RMM (Remote Monitoring and Management) software for enhanced safety and security. 

Be realistic 

Does perfect and holistic security in IT exist? No, it doesn’t. SMBs that strive for perfection in this regard usually end up paying a high price. Improving your response time to a breach is a more sensible way to allocate IT expenditure. Although it can take hackers several months to figure out the workings of your network, once they’re in, they’re in. Being able to rapidly detect an instance of hacking and mitigate any potential damage is a viable approach. Being proactive is a realistic and less expensive security strategy than the notion that you will be able to completely negate the threat of a hacker breaching your system.
