It feels as if not a day goes by without cybersecurity making headlines on the national news. Not only does the number of large-scale breaches continue to increase, incidents of cyberespionage are playing out on the political stage and user passwords are distributed throughout the dark web for hackers to leverage against us (enter your email on this site if you think your account may be among those compromised).
With all this in mind, IT companies like MyITpros are beating the drums of stronger passwords, encryption and more powerful security tools. As a business owner, you might feel a sense of dread as you begin to wonder, “How do I keep up with all the threats?” And much like at the end of an intense election season when you just can’t take another article about the political divide, you might be starting to feel fatigued by the seemingly always-talked-about topic of cybersecurity. However, if you want to keep your small business safe, you can’t afford to sweep cybersecurity under the rug. The good news is that managing cybersecurity risks will feel less mysterious and more doable once you read the rest of this article.
Gauge your risk profile
As with any potential business risk, you need to really think through your risk tolerance profile with regard to cybersecurity. After all, you’re a business owner with a lot on the line, so it’s imperative to sit down and consider what a breach, a virus outbreak or another type of security incident would do to your organization. Here are some questions to help you get started:
- Do you lose money when your computers or servers are offline? If so, how much?
The answers to these questions should drive your security approach. Keep in mind that the most common security incidents are caused by harmful software (virus/malware) that results in downtime to a computer. Your efforts to prevent this should be in direct proportion to the cost of this computer being out of service for several hours.
- Does your organization fall under regulatory compliance? If your business holds protected data, a breach can be much costlier due to fines that may be imposed upon you for not complying with industry-specific regulations.
- Would your company be considered a high-value target? Real estate and title companies have seen a surge in email fraud around wire transfers because they routinely process financial transactions and have data that hackers could misuse for profit. If those descriptors apply to your business, you’ll likely be high on a hacker’s list.
- Are profits, growth and expansion more important than security? Believe it or not, some startups willfully run with limited security because they have calculated that the cost of a breach is cheaper than the cost of implementing a comprehensive security plan.
- Do you have competitive data? Copyright information, patented processes, competitive advantages and classified government information are all examples of valuable business data that hackers could be coming after.
Once you figure out where your organization sits in terms of risk, you’ll need to determine your security posture as a business owner. This is by no means a cut-and-dried decision—I’ve met business owners in the same industry that take very different approaches to their cybersecurity investment. Again, it’s your business, and you likely got here by having a certain amount of tolerance to risk.
Invest in security tools
Just like your company’s risk profile, your security investment may vary based on a wide range of factors. If you’re not sure how your current security strategy holds up, reach out to an IT company for a free assessment that can give you a quick high-level view of where you might be vulnerable.
When you partner with MyITpros, the security products listed below are all available through our security services. (Note that while some of these vendors will work directly with your company, others require you to go through a managed services provider.)
- 2 Factor Authentication – Duo Security
- End User Cyber Security Training – KnowBe4
- Network/Web filtering – Cisco Umbrella
- Endpoint Security – Webroot/Malwarebytes Pro
- Dark web research – ID Agent
- HIPAA compliance and training – HIPAA Secure Now
- Email encryption/Archiving – Reflexion/Sophos
- Data security/Backup – StorageCraft
- Device level encryption – Beachhead Solutions
If you want to gauge the strength of your current small business security setup, MyITpros is happy to help you out. Download our free security questionnaire, fill it out, then contact us for a free security consult!