Cybersecurity for Small- to Mid-Sized Businesses: What to Consider When Evaluating Your IT Security

If you think cyberattacks primarily target large corporations for a bigger payoff, think again. The Verizon Data Breach Investigations Report (VDBI), showed that 71% of attacks actually hit small to mid-sized business (SMBs), specifically ones with fewer than 100 employees.

Sadly, it’s easy for SMBs to be cybersecurity ostriches, hiding our heads in the ground and ignoring the looming risks. Robert Siciliano, security expert for McAfee, said most SMBs “typically don’t have the resources to secure their networks to the degree a large enterprise would. But the information on their networks—and access to their bank accounts—still makes them a big target.” McAfee competitor Symantec offered similar findings, confirming over 80% of the SMBs they surveyed have no formal cybersecurity plan in place.

It typically comes down to a resource issue. Large companies and corporations invest heavily in security, significantly lowering their risk of attack. SMBs on the other hand, don’t feel they have the budget or capacity, and so they very often don’t commit the resources to properly safeguard their networks and data. With customer information and operations-dependent data exposed, SMBs are seen as sitting ducks for cybercriminals. Simply put, those businesses which understand the threats that inadequate cybersecurity poses tend to invest heavily. Those who don’t, don’t.

Here’s a quick lesson for those less versed in the world of cybercrime. The average cost of an SMB-targeted cyberattack is reported to be close to $200,000—and that’s not even the most daunting statistic. The National Archive & Records Administration in Washington D.C. estimates that 93% of SMBs that lose data for 10+ days file for bankruptcy within one year. That’s 9 out of 10 businesses defunct within a year of an attack. But most don’t wait that long. Half will file immediately.

With the increasing risk of cyberattack converging with the increased availability of customer information and data, SMBs can no longer bear the risk of delaying the implementation of security safeguards. We’ve found there are three obvious and immediate things SMBs can do to get in a secure mindset, and start protecting themselves:

• Think like hackers.
  Ask yourself: What assets would someone target that, if lost, would cripple my operations? What intellectual property and trade secrets give me an advantage over competition, or differentiate my company in the marketplace? What customer information do I have that is personally identifiable? Am I storing customer credit-card information? Try to pinpoint those obvious vulnerabilities and desirable targets. Build an awareness of your key data that will require higher security. Ideally, these questions will reveal certain measures you can take to protect your organization, its data, and technical infrastructure.
• Clean-up your code.
  Many commercial applications use open-source code as components, and that code often gets customized in-house by your IT staff to meet industry or company-specific processes. This poses multiple problems, the first of which are vulnerabilities in open-source code. Because the code is widely available, so are its weaknesses. Even more, those code snippets inserted by your IT staff for customization are likely grabbed from somewhere online to shortcut in-house development time and energy. But unverified code often contains open doors and loopholes that allow entry for hacking, such as SQL injection and similar malicious attacks. We’ve often found that our high-risk clients were in desperate need of a code clean-up. A lot of security risk can be avoided if clean-code is used during initial development. If you’re already down the river a ways, you should turn to an outside company for help.
• Leverage Support.
  Most small organizations can’t afford to build sophisticated IT teams and security systems, despite needing them just as much as the big operations. We suggest SMBs explore Managed IT Service Providers (MSPs), or Security-as-a-Service (SECaaS) providers . Creating a partnership with such an organization typically reduces the costs associated with maintaining security and stability, and doesn’t redirect (or sacrifice) staff that should be focused on the business’s core competencies. In short, businesses that partner with an MSP get immediate access to a full range of IT staff who have a variety of industry knowledge and expertise. This offers small businesses peace of mind, and relieves the uphill struggle and cost associated with building and maintaining IT skills in-house. This is a serious benefit in the rapidly changing and specialized field of cybersecurity.
  • Note: If you have not already partnered with a Managed IT Services Provider (MSP), see our report Nine Key Criteria for Selecting a Managed Services Provider for guidance on what to look for as you weigh the options.

At Dynamic Quest, we differentiate from other managed IT service providers with our commitment to industry-leading, best-in-class cybersecurity protection as a core part of the services we provide. We employ Unified Threat Management (UTM), an all-in-one security solution and model, to ensure our clients have a fully-integrated, multifaceted approach to protect themselves against network threats. We invest in and provide these optimized and more secure solutions as a base component of our managed services because we believe that our clients’ IT infrastructure and business continuity is too important to leave to less-than-optimal cybersecurity measures. We also provide targeted security managed and Security-as-a-Service (SECaaS) plans to laser-focus efforts on keeping your network and environment safe.

If you’re exploring options, or simply want to know more about the state of your security, give us a shout. For a free, and truly no obligation cybersecurity consult, contact us through the form below. We’ll get in touch and set up a time to review your current infrastructure, and may include a network security scan and review for pin-pointing those security risks specific to you and your company. We’re happy to help any way we can.

As always, stay safe out there.