If you are like nearly 90% of small and medium size business owners, you probably have said or at least thought “what are the odds that a security breach would happen to me?” According to a 2018 study by the Ponemon Institute, 67% of small and medium size businesses have experienced a cyber-attack in the past year and 58% have been victim of a data breach in that same time frame. That same study found that the average cost of a breach is nearly $3 million. That cost may seem difficult to believe, but when you factor in staff and production downtime, loss of top customers, reputation damage and investigation and remediation of the event that number starts to feel all too real. The scary part of this is that hackers are shifting their attention to small and medium size businesses because they often lack the knowledge, desire and ability to implement defensive security measures.
So what should an owner do when 47% don’t know where to start to improve their security and 74% believe they don’t have the personnel to implement a good plan? Talk with a qualified IT Managed Service Provider to get some help. The key to finding a qualified provider is to make sure they have completed an internal security assessment and have an active internal security plan for their own business. This is critical as Managed Service Providers are becoming active targets by hackers as many have not implemented security plans and thus provide fertile ground for hackers to reach many small businesses all at once.
Three critical actions that any business should take immediately are:
- Perform a comprehensive security assessment
When talking with managed service providers about security assessments, do not just focus on the IT portion of security. Make sure you talk about your physical security, your security policies and your partners security. Applied Tech has partnered with Security Studio, a recognized leader in security assessments. They provide tools to assess your personal security and your business’ security. They have even gone so far as providing FREE access to their security assessment tool. Feel free to sign in and try it out. Make sure that anyone you talk with has a tool that is this comprehensive. The benefit of an assessment is that it will give you a clear path to where you should concentrate your efforts to improve your security.
- Train your staff on security practices.
Train your staff on basic security practices and teach them how to recognize a phishing email. A 2018 Verizon study found that over 92% of data breaches start with an email attacking the most vulnerable part of any network – the end user.
- Implement a multi-factor authentication process for your email and line of business applications.
Multi-factor authentication is the practice of asking the user to provide an active approval to login after your user ID and password has been entered. This is typically done through a text, email or authentication app on your mobile device. This means that even if someone stole your ID and password they cannot login without your approval first.
If you are among the 74% that don’t feel you have the personnel to improve your security, don’t feel bad. Security is a complex endeavor and you need people that are specialists. Applied Tech has a team dedicated to our internal security and that of our customers. We would be glad to talk with you about your security concerns and help you create a security plan that matches your business needs.
In addition to security, Applied Tech provides a fully outsourced technology solution, TechCare Complete, that provides expertise to address your complete technology needs. If you are not ready to make that kind of change, we also offer TechCare Co-Managed that provides all the tools and expertise to augment your IT team’s needs. Contact us to learn how one of these solutions can benefit your company.