By Peter Johns, Empower Information Systems, Inc.
Many small and medium-sized businesses (SMBs) don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor. SMBs are commonly vendors, suppliers or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.
Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they have been after.
Cybercriminals target companies with 250 or fewer employees
Since 2012, Symantec research confirmed that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security and certain compliances such as NIST, HIPAA and PCI. This requires an honest assessment of the processes taken to limit security risks.
View security measures as investments
CIOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.
Would-be business partners have likely already asked for specifics about protecting the integrity of their data. Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding, so it is important that answers aren’t fudged just to land new business. If you cannot answer “yes” to any question about security, find out what it takes to address that particular security concern.
Where a Managed Service Provider comes in
Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.
An MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training and audits as well as technical controls like antivirus software, firewalls, patches, compliance and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.
Peter Johns is director of business development for Empower Information Systems, Inc., an information technology MSP that assists small, medium and large-sized businesses with comprehensive technology services and consulting. Johns can be reached at 757-273-9399 (w), 757-871-5662 (c) or by email at email@example.com. Visit Empower Information Systems at www.empoweris.com and request a complimentary network security risk assessment.