As the cyberthreat landscape becomes more complex, many small and medium-sized businesses (SMBs) are weighing their options for protecting their data. And with good reason.
Networks are becoming more complex and bad actors are growing more sophisticated. The growth of the Internet of Things means more businesses are deploying web-connected smart devices that give hackers another potential entry point. Breaches are becoming both more serious and difficult to detect. For example, according to CDW’s “Cybersecurity Insight Report,” 25 percent of known security breaches over the past year have caused significant problems for the victimized organizations, from widespread internal impact to bad publicity to actual harm done to clients.
What should SMBs do in response? Should they attempt to manage their own security by hiring in-house security professionals or even a CISO? Should they retain a consultant to recommend some combination of best-of-breed security solutions, then have internal staff install and manage it? Should they outsource everything to a managed service provider (MSP) or managed security service provider (MSSP)?
Let’s review the options.
Small Businesses Are Not Protected by Their Size
Business owners must understand they need to act on cybersecurity, and it needs to be more than just self-installing some off-the-shelf anti-virus software and calling it a day.
Small business owners in particular are susceptible to the myth that their data isn’t at great risk because they’re too “low profile” or their revenues aren’t enough to attract hackers’ attention. That idea couldn’t be more wrong. In fact, if anything, small businesses are more attractive to hackers precisely because their size means that they’re seen as soft targets.
According to the Ponemon Institute’s “2017 State of Cybersecurity in Small and Medium-Sized Businesses” report, 61 percent of SMBs experienced at least one cyberattack in the past 12 months, a figure that increased from the previous year. The nature of attacks against SMBs are also changing in malevolent ways. In 2016, Ponemon found only 2 percent of respondents “described the cyberattacks they experienced as ransomware” as opposed to 52 percent of respondents a year later.
Why Outsourcing Could Be the Right Choice
For many SMBs, outsourcing cybersecurity to a managed service provider, such as Quest Technology Management or Masergy Communications, is worth considering. Few midsized companies (and hardly any small businesses) have the internal IT security staff necessary to implement and manage a comprehensive cybersecurity program. Even businesses with outstanding technical talent will need their IT professionals spending most of their time on managing the network and driving new solutions for the business, not on security, which demands its own set of niche skills.
Hiring an in-house security expert may be an option for some businesses, however, it is the single most challenging job to fill in the IT department. According to the 2018 “State of the CIO” report from CIO magazine, nearly 40 percent of CIO survey respondents said they expect to have difficulty filling their security jobs. Because of the high demand, cybersecurity professionals command high salaries and can be difficult to retain once hired.
What to Look for in a Cybersecurity MSP
If you decide to outsource your security management to an MSP, here are some things you should look for as you search for the right partner. The MSP that’s right for you will:
Understand your business model. Different businesses have unique security vulnerabilities and needs. Any MSP you consider should have a thorough understanding of your business and the technologies that you’re using.
Develop a comprehensive security plan. You should be looking for a partner that can provide you with a holistic understanding of what they recommend for you. That includes particular technologies, as well as suggested policies and security procedures, a disaster recovery strategy, auditing and compliance.
Be experienced with your technology suite. Some MSPs have more experience with WatchGuard security technologies, others with Cisco or Barracuda. Many will also have deep experience with a variety of platforms. Just make sure that the one you choose understands your technology and can fairly recommend any needed additions that will integrate well with your current stack.
Make it easy to work with them. A good MSP will be an expert in managing your security needs and, well, managing you, the client. You should know going in who your day-to-day contact will be, who your IT staff will work with, how often you’ll meet and what will be the client management process.
Most SMB leaders will sleep better at night knowing that an expert is monitoring their network carefully, recommending the latest technologies and policies necessary to keep data safe and managing security day to day. You might choose to do all that in-house, but if you’d rather keep your IT team focusing on helping your business grow, then hiring an MSP is worth considering.