Cybercriminals do what they do for money, so why not make it unworthy of their time to attack your small or medium business?
Small- and medium-sized businesses (SMBs) are the lowest-hanging digital fruit and ripe for the picking--just read tech-media reports describing the latest data breaches and cyberattacks. For example, researchers at Verizon reported more than 40% of polled small businesses experienced some kind of cyberattack in 2019, with a cost per incident approaching $200,000.
That kind of financial outlay hurts, as money is already tight, competition is up, and SMB owners are struggling to stay in business. What's more, it's likely many SMB owners are wondering if it's even possible to be cyber secure.
SEE: Risk management policy (TechRepublic Premium)
Outsourcing IT and cybersecurity needs
Matthew Courchesne, head of channel at Kaspersky North America, offers recommendations in his Channel Futures article "How to Implement Cybersecurity to Fit a Company's Needs" to help SMB owners find the right amount of cybersecurity that's affordable while making their companies a less-likely target.
SMBs may have core security functions similar to enterprise-sized organizations, but Courchesne cautions, "It can be easy to get confused about what level of protection is needed for your business. The only way to understand a company's cybersecurity needs is to evaluate how the business works and the maturity of its IT."
Courchesne said most SMB owners outsource IT and cybersecurity needs to third-party vendors, including the following services:
IT and cybersecurity system maintenance;
installation of office applications;
purchase of corporate PCs;
management of protection by installing a security solution--devices and infrastructure; and
check for program updates and ensure that protection is always active.
SEE: Ransomware: Why SMBs are especially vulnerable to attacks (TechRepublic)
Tips on finding the right cybersecurity partner
Outsourcing cybersecurity appears to be the wisest choice for most SMB owners. "Small- to medium-sized businesses are aware of the importance of IT security, but they don't always have the same resources or technical ability to deal with them as larger enterprises do," says Adam Lloyd, president and CEO of North American MSP Pioneer Technology, in the Channel Futures article. "As a result, they expect their managed service provider (MSP) to act as a true security partner to point them in the right direction and ensure the technology they have in place will protect them and their data."
Courchesne explains what to look for when determining which is the best MSP for providing cybersecurity services. The first step is to look at the service provider's strengths and weaknesses. "If providers work only with cloud services ('born in the cloud' MSPs) or look to speed deployment to new customers and easily manage all clients through a single console, they will work best with cybersecurity delivered as-a-service that can be overseen through a cloud-hosted console," he writes.
Then there are service providers that have developed their own cybersecurity platform; this allows the provider to focus on customers who have a more complex IT infrastructure. "It's a good opportunity to provide flexible services for more-demanding customers, maintain SLAs, and be an expert in the eyes of the customer," Courchesne says. "In this case, the service company also needs to have appropriate talent in the team to manage advanced protection."
Like anything, there are advantages to either approach. "Providers delivering cloud security can focus on wider cloud services and extend their portfolio to include SMBs who are consuming SaaS services at a growing rate," Courchesne writes. "MSPs working with smaller businesses that have their own infrastructure can use their resources to develop advanced and scaled security services."
SEE: Vendor management & selection policy (TechRepublic Premium)
Don't forget about the quality of your cybersecurity solution
Regardless of company size, SMB owners and those responsible for the organization's cybersecurity should expect a quality product. According to Courchesne, "One that offers an inexpensive, compact solution that requires minimal resources for installation and management and continuously provides protection across all network devices."
For more information about SMBs and cybersecurity, read these articles by TechRepublic contributing writer Lance Whitney: How SMBs are overcoming key challenges in cybersecurity and How SMBs can better protect their data from cyberattacks.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Research: SMB IT stack decisions based on fulfilling business needs (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)