Every company big or small is at risk of being hacked. Small businesses are often at a greater risk due to the lack of a security policy. Take a look at these general small business cyber security statistics from SmallBizTrends:
- 43 percent of cyber attacks target small business.
- Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
- 60 percent of small companies go out of business within six months of a cyber attack.
- 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
After reading these stats, it’s easy to see how impactful a thoughtful approach to hiring an IT professional could be for your small business. Here are some common scenarios that are often overlooked by small business owners:
You need to manage security risks associated with web-based applications you use for your business.
Between all the different coding languages, data leaks can happen. This risk is minimized when internally implementing new features or fields to web applications as it allows users to review, mitigate and accept certain risk when providing new functionality to how businesses present themselves and the digital footprints they leave to get there.
Overlooked Risk Scenario:
You implement a new online form to be used by a prospective client to apply for your service/buy product. The email address to send the form to is disclosed on the webpage. An attacker may notice there is no limitation placed on how many emails can be sent and take advantage of that vulnerability. As a result, the webpage mailing service could get blacklisted (Unable to send emails to any source) by your internet service provider for 48 hours because you look like a spammer, which could lead to the loss of real prospects.
You need to manage and administer local network resources in-house.
If you currently have an external company handling routing and permissions to network resources, there is often a disconnect when it comes to a company’s objectives, leading to a lot of back and forth. These communication issues could lead to rework, bottlenecks, and frustration. Alternatively with an in-house IT professional, if you need immediate clarification on anything, you’ll have better access to bring up new points or gain a better understanding of processes.
Overlooked Risk Scenario:
You make an immediate request to your external IT provider to remove a user who is no longer with the company, but the provider is out for a holiday that your company doesn’t observe. The ex-employee still receives your client’s information via email until the request is seen and resolved, thus leaving your clients data at risk of the former employee’s retaliation.
You need proper IT policy and compliance enforcement.
Company policies can be managed by an administrator, but the lack of understanding as to why they are in place can impede workflow and lead to possible data leaks if improperly implemented. This is usually seen by external vendors in a testing phase. This also adds a layer of accountability to internal staff, meaning you get a direct answer, instead of a “Let me ask my manager,” while getting bounced around a call center.
Overlooked Risk Scenario:
A manager has told an employee they are no longer allowed to perform an action outside of the company’s standard operating procedure. The manager needs to leave for an emergency, and the employee continues to perform things his/her way. Another user asks how to perform a task, and the employee shows other members the improper manner he/she was specifically told not to do. This instance is a perfect example of the blind leading the blind, resulting in fractured processes.
An in-house hire may be more cost effective for your small business.
Managed Service Provider (MSP) companies profit from businesses that don’t want to pay the salary of an internal IT. Eventually, between project hours, changing rate plans and contracts, the actual cost of the service your paying can supersede what you would have paid an internal IT anyway. By keeping an internal IT, you’re allowing yourself to better budget your technology expenses without having to pay that after-hours cost, in case the job takes longer than expected.
Overlooked Risk Scenario:
The company employs an outside vendor for 3 years for IT management. The purpose was to save money, but because of the contract stipulating a cost per machine, when the business expands (say from 10 to 40 employees), the actual monthly cost was never calculated. Thus, leading to the business playing catch up on the billing cycles while not being able to budget for new upcoming projects, which also aren’t covered under their current contract (adding more additional cost).
You need data leak and loss prevention of personal information protection.
Security leaks are a big deal for today’s small businesses. The more ports that need to be open for an external team to manage your network, the more holes for hackers to exploit, both within your network and your Managed Service Provider (MSP). If the MSP is hit by a piece of ransomware and didn’t run that latest update, your data along with any other clients they manage are at just as much risk.
Overlooked Risk Scenario:
The latest ransomware has been reported on the news. Your company decides to have everyone update their computers to ensure all data on the systems is secure from the infection. The vendor does not perform the update and gets hacked. Regardless of how up to date your computer is with all the security measures in place, your administrator passwords are still pulled from the vendor’s database along with internal company instructions/knowledgebase on how to connect to your company. Security is only as strong as its weakest, verifiable link.
Small business owners often come to us for help when they need to expand their workforce. One issue they face with implementing that expansion is bridging the pay gap with fast working capital. If you face this similar situation, we may be able to help you.
