“My business is too small to be a target.”
“My service provider looks after my information assets for me.”
“My customers aren’t at risk because they aren’t linked to my IT network.”
As an SME owner you cannot afford any loss in core service, reputational damage, or loss in revenue. And yet most of us assume that our customer database or ERP system is safe and secure in a private server environment, and that this environment is being looked after by experts.
Ding-dong-ding-dong go the alarm bells. Fact is, anything available on the internet, or through an internet connection, is publicly accessible to anyone. Period. Your data, your customers’ credit card and banking details, your confidential business IP, processes and systems are all vulnerable to exploitation. According to a recent study, “… 10% South African private sector businesses have experienced a cyber attack in the past year.”
If Microsoft and the CIA can get hacked, you’re a sitting duck. So why is there so little understanding out there of the importance of network security? Why is it that, with all the spectacular headlines hitting the press about the latest hack jobs, we still misunderstand the risks and what to do about them?
More importantly, why should you as an SME owner even care? Well, a breach in your network or data security could lead to:
• Severe damage to company reputation and customer trust
• Thousands of ZAR in penalties and fines – think POPI
• The potentially infinite cost of personal data loss/compromise
• Temporary or permanent closure
Here are 3 guiding steps to follow to secure your network and sustainability as an SME:
1. Understand your business’ IT network
What are your critical systems, processes, and applications? How secure are these elements? If most of them are cloud-based, speak to your service providers for detail on their security policies and structures, and get assurances for yourself.
First thing I would do: conduct a vulnerability assessment (VAScan). There are loads to choose from, either as a DIY online download (if you have a bit of tech know-how) or through specialised security service providers (SPs). This will help you see the chinks in your armour, and you can then formulate a plan to iron them out.
2. Get to grips with having to pay a bit of money
Network security is not a grudge purchase. Think about the cost of network downtime, POPI non-compliance, or reputational damage due to data leakage. Most service providers out there bundle security services with internet connectivity. This is essentially a diluted value proposition at a specialist price, with little recourse available when the chips are down.
I would google and draft a list of specialised network security providers and investigate the services they offer. Criteria to look out for:
• Depth of specialization in security
• Capability and reputation
• Management tools, dashboards, and reporting
• Support model
• Ease of joining or cancellation
3. Outsource your requirements to a specialist
Now that you know where your gaps are, have formulated a plan to address them and have done some research on the options out there, I would recommend that you give the job to a specialised, focused managed security service provider (MSSP). You need to focus on your core business, not entrust core operations to cookie-cutter service providers offering everything to everyone. The bottom line is that as an SME, you cannot afford a disaster. And a specialist may not be as expensive as you think.
Don’t leave your business exposed. Understand and protect your network, and secure your sustainability. Pick a partner that has the expertise, and who is alert and ready for any event. Employ a network security strategy that ensures split-second reflexes. Get a security solution that enables decisive preventative and reactive action. Lock-up and grow!
The Hacker News (www.thehackernews.com): Biggest Free Hosting Company Hacked; 13.5 Million Plaintext Passwords Leaked. Mohit Kumar, Wednesday, October 28, 2015. http://thehackernews.com/2015/10/free-web-hosting-hacking.html
ITWeb: SA businesses under cyber barrage. Admire Moyo, 3 Nov 2015. http://www.itweb.co.za/index.php?option=com_content&view=article&id=147514&catid=86&o=drnl&E
Digital Guardian (https://digitalguardian.com): How to Hire and Evaluate Managed Security Service Providers (MSSPs). Nate Lord, September 30th 2015. https://digitalguardian.com/blog/how-hire-evaluate-managed-security-service-providers-mssps