Assessing Security

Growing cybercrime threatens every business today. Juniper Research estimates that the total global cost of cybercrime will exceed $2 trillion by 2019, and the CEO of IBM describes cybercrime as “The greatest threat to every company in the world.”
Large enterprises protect and defend themselves with huge security teams, expensive technology and disciplined processes. However, most small businesses cannot afford that, and according to the U.S. Census Bureau, that leaves 99.7 percent of all U.S. employer firms at a huge security disadvantage. Even more alarming is the lack of certified security engineers available in the job market.

Several times each year we attend conferences to discuss industry trends, both good and bad, with our peers in the information technology support industry. Of the nearly 600 plus companies in attendance, only a handful had what most would consider a mature security practice.

In the past, I have written about the various ways your network and personal data are subject to theft and manipulation. Whether through phishing attempts, ransomware or brute-force attacks, there is a myriad of ways to infiltrate a network. Common security best practice recommendations, to name a few, would be training users to identify malicious emails and attachments, as well as implementing next-generation firewall devices and anti-virus.

The latest generation of security products, such as firewalls and anti-virus, communicate with one another to identify, isolate and eradicate malicious files. However, even the newest solutions are not perfect, and vetting which files are actually malicious versus those that are safe (“false positives”) can create a lot of overhead. Proper vetting of security threats requires human analysis; otherwise, you end up with safe files incorrectly blocked, creating delays and missed deadlines.

Without the deep pockets of enterprise organizations, small business owners must find other ways to mitigate these security issues, as well as the overhead of hiring security experts. After all, the size of a business does not dictate the importance of the information it is responsible for safeguarding, including, but not limited to, intellectual property and customer data. As a result, business owners should consider outsourcing the full spectrum of their security needs in the same manner as their network support. There are a number of firms offering outsourced security information and event management services at a fraction of the cost of a fully burdened security expert’s salary.

I would caution any non-technical small business owner against trying to address their company’s security vulnerabilities alone. Depending on your industry, it is possible you are already non-compliant in a number of government-regulated areas, which is always a challenge given how quickly technology and the ability to abuse it change. Do yourself a favor and discuss your security with a trusted IT advisor.