Small businesses are the backbone of the economy. They employ the vast majority of Americans, keep communities thriving, and produce the lion’s share of innovations. Small business is the backbone of our way of life; that’s why it’s so troubling that SMBs often underestimate the risk of cyberattacks. Managed Service Provider’s (MSPs) should ask customers five questions to determine security needs.
What is a Managed Service Provider and how will they proactivly manage and protect your IT?
Research shows that 60% of SMBs close within six months of a cyberattack. That is a huge failure rate, especially considering that most attacks on small businesses succeed because these businesses have less expertise to invest in cybersecurity. New startups and entrepreneurs have little time and smaller budgets leaving a gap in protection.
To put it simply, a lot of small businesses overlook an existential threat to their livelihoods, and it’s up to managed service providers to change that. Hackers often aim at SMBs because they are perceived as easy — yet still valuable — targets.
The Tipping Point for Small Business Cybersecurity
The problem is not that SMBs are naïve. Most know that cyberthreats affect all businesses and put defenses in place on day one. They choose cloud solutions because they offer stronger and simpler security. Sometimes business will set up two-factor authentication on their email inboxes, which is great. All these are effective and important steps. The only problem is, the steps are incomplete.
When SMBs grow past 25 employees, they arrive at a cybersecurity tipping point.
At this size, it’s not just the founder dealing with important information; it’s the employees as well. An information network is developing as data travels back and forth, inside and outside the company. Simple security tools aren’t adequate to defend a system this complex and customized, causing many SMBs to fall victim despite feeling they’re protected.
In fact, 61% of all SMBs (and 70% of large SMBs) think hackers have more sophisticated technologies at their disposal than the SMBs’ own cybersecurity resources. Rather than accepting the risk of lax security or investing the input necessary for strong security, SMBs should seek managed security providers as they approach 20 employees.
The purpose of managed service providers is to make cybersecurity accessible, affordable, and reliable for even the smallest organizations.
The National Institute of Standards and Technology has created a cybersecurity framework, considered the gold standard for all industries, that’s broken into five components: identify, detect, protect, respond, and recover. Working out of the cloud can satisfy most of those requirements, but not the first (identify). Many SMBs simply are not aware of their true liabilities and, as a result, can’t fix them. This is where MSPs become invaluable.
Few small businesses have the resources to hire in-house cybersecurity experts. MSPs essentially offer an outsourced version of this expertise.
SMBs have someone they can rely on to identify strengths and weaknesses before creating a customized security strategy. Beyond that, MSPs answer questions, upgrade defenses, and analyze attacks. Ideally, MSPs provide whatever the client needs to round out an effective security strategy. That can’t happen, however, without first understanding the client.
5 Questions to Make Sense of Security
MSPs understand better than anyone that a one-size-fits-all cybersecurity strategy rarely, if ever, works. To tailor a unique strategy to each small business, start by asking them these questions:
• How well do you understand cybersecurity? MSPs are often called on to act as translators, taking confusing and complicated cybersecurity concepts and making them digestible for SMBs with limited technical knowledge. Fulfilling this role begins by first evaluating how well the business owner and team understand cybersecurity. The goal is to provide enough information without becoming patronizing.
• Where is your data kept? The answer is not as simple as it seems, as important information is rarely all in one place. Customer data is often in one database, whereas financial records could be in another. Understanding what information is important and where it is located can be crucial steps for understanding exactly which types of risks the SMB is facing.
• What would happen if data were disabled? MSPs need to understand what an attack would look like in order to prevent it. Asking the business owner to describe what would happen if critical data or applications went offline helps the provider address the most important IT and focus on the greatest risks.
• Do employees rely on personal devices? Many SMBs do not have bring-your-own-device policies in place. As a result, every smartphone and tablet used for work is a potential threat. MSPs need to understand how many personal devices are in use — and how they are being used. Devising a BYOD policy is a great way for MSPs to create value for clients.
• What do you consider the biggest threats? Just because SMBs may be less informed about cybersecurity doesn’t mean their insights are irrelevant. Business owners know their enterprises better than anyone else, and they have the best memory of any past cyber issues. Learn what the business is worried about and why. As much as possible, adapt the security strategy to address those risks specifically.
With more than 30 million SMBs in the U.S., effectively protecting everyone is a tall order. It is possible, however, to properly train MSPs with cybersecurity knowledge. Take time to equip them with proper application of risk assessment and strategy. This allows them to adequately build effective cloud-based environments to help secure most small businesses. I guarantee MSPs are up for the challenge.