No matter the size of your business, no matter what the product or service, your company is at least partially reliant on technology to survive and function in today’s marketplace. It is just unavoidable. A significant portion of everyone’s business is online in some fashion or other. And internal operations and administration are dependent on databases, servers on-line access, etc. A large and diversified company has the depth of staffing to fully support all of its IT infrastructure needs. Unfortunately, this is not the case with small- to medium-sized businesses, and it is absolutely not the case for recent startups struggling to get a foothold in the market. SMBs are generally forced to focus all of their resources on the operations that drive revenues. For example, how many small firms have a trained human resource practitioner on board, even though the lack of one can leave them vulnerable to a number of legal and staffing issues? Very few. They just don’t have the resources to devote to anything that isn’t sales or a critical line operation. The same tends to be true for an IT infrastructure support staff and the personnel “required” to support it 24/7.

The question then arises, how does an SMB begin to bring on the necessary resources to support their IT needs? A common solution is to bring on a generalist who will act as the IT director/manager and then that person will bring on additional, more specialized staff as revenue growth permits.

This is a pretty standard model for addressing IT support needs for a growing SMB. But does that really make the most sense? The issue with this model is that it follows a typical, hierarchical company org chart, but doesn’t necessarily meet the needs of a SMB. The IT demands of a typical company are very diverse, and one individual doesn’t have the depth and breadth of experience to significantly support every corner of your IT infrastructure. When resources for IT staffing are limited, creating the IT department that covers everything can be unrealistic. Building out this traditional model takes time and resources to make sure you have the IT support that possesses all the diverse skills needed to meet the many requirements of a sound IT infrastructure. As a result, this model may not truly meet the immediate/urgent needs of a developing or transforming organization. The alternative IT support is not from an organizational chart approach but from a risk management one.

What do we mean by a risk management perspective? For any business, but especially a smaller one without deep pockets, the consequences of some disaster may mean the end of the business. As a result, risk evaluation becomes critical. There are an endless variety of events, from mishaps to major disasters that challenge your viability. Risk management inventories all of the possible risks that could befall the organization and places them in a hierarchy of significance. At the top are single points of failure disasters or extreme events that would shut down the business, at least temporarily. Risk management then works to channel limited resources toward mitigating the most serious risks. How does this reflect on how you bring on IT support in your business? You bring on the support, either through hiring or an MSP on the basis of where your IT infrastructure is most vulnerable, not on the basis on “positions’” to be filled. This is a different approach and more appropriate for a SMB that has limited resources.

Cybercrime – Two basic routines to Protect Your Data

Cybersecurity is certainly not something to be ignored by organizations no matter how big or small they may be in terms of client base, staff or sales revenue. This is because cybercriminals don’t discriminate when it comes to choosing their victims. While bigger organizations may be better equipped to thwart a cyberattack, smaller businesses may lack the resources to do so. Also, smaller businesses will find it more difficult to bounce back from a cybersecurity incident. However, that doesn’t mean small businesses should give up on cybersecurity altogether. There are many ways in which SMBs can up their cybersecurity game. Here’s how…

Regular backups

By conducting regular backups of their data, businesses can ensure that any unforeseen data loss, theft or ransomware causes minimal damage. One caveat here though is that the data backups have to be stored safely such that they are ‘clean’, that is, uninfected and accessible. Also, the keyword here is regular. Backups must be as frequent as possible, to ensure that data loss is minimal.

Password hygiene

Companies must emphasize the importance of maintaining good password hygiene. Broadly speaking good password hygiene involves-

  • Using passwords that are not easily decipherable. Examples include avoiding passwords that can be easily guessed such as the company or user’s name, vocabulary words, even in a forgien language aren’t especially safe.
  • Using a combination of alphabet letters, symbols, and numbers, mixing font cases, etc.
  • Not sharing passwords with anyone, no matter who asks for it, or however urgent it sounds
  • Updating passwords regularly and also when an employee who had the access leaves their position or has their access revoked
  • Using password encryption software when entering passwords or sharing them

Why Managed Service may be the way to go for your data security

Since effective cybersecurity should be a proactive effort, not reactive, this means that SMBs tend to overlook the entire issue as something that can be pushed forward into the future.

One way to get around this challenge is to have a service level agreement with an MSP. An SLA with a managed service provider offers multiple benefits such as

  1. The obvious one is, you get the benefit of their expertise. An MSP’s core job is managing IT infrastructure, so when you bring an MSP onboard to manage your IT infrastructure, you get access to their unparalleled knowledge and expertise, which your internal IT team (even if you have one) may be lacking.
  2. Having an SLA ensures that the MSP prioritizes you over other customers and situations, meaning they are there when you need them.
  3. Your IT infrastructure is consistently monitored and maintained. Depending on the inclusions in your plan, outsourcing your IT to a managed service provider usually takes care of all the mundane, but essential elements of cybersecurity including backups, data recovery, security patches, system upgrades, etc.
  4. Overall, it can help you bring down your IT costs as your payroll expenses in terms of IT can be trimmed or eliminated in some cases.
  5. Having a managed service provider helps you scale, as they can manage the sudden spike and slumps in your IT infrastructure requirements that may be fuelled by various factors such as the holiday season, staff going on vacation, tax seasons, etc.,
  6. A managed service provider can help you draft the right cybersecurity plan for your business and also help you implement it effectively. Further, they can help manage the plan in the long run, ensuring that all the necessary elements are in place and functioning as they are supposed to.

Cybersecurity shouldn’t be an afterthought. It is one of the fundamentals of your business structure and should be a part of your core business process. Consult a managed service provider today to learn more about what you can do to keep your business safe and secure from cyber-attacks.

Why Cybersecurity shouldn’t be taken lightly

Let’s start with a “fun fact”: In 1981, the first cybercriminal was convicted of hacking into the AT&T network and altering its internal clock so it charged off-hour rates at peak times. So, it turns out that cybercrime is not all that new. But it stays new in the sense that it is constantly evolving. Cybercriminals now target not only big businesses like AT&T, but also small- and medium-sized businesses. Cybersecurity has to be a conscious decision. It is not something to be taken lightly or something that you can engage in passively as though it were yet another random business requirement. In order to stay safe in today’s highly vulnerable environment, businesses need to focus on cybersecurity and have clear cybersecurity strategies and action plans in place. This also means budgeting appropriately to support the process. Also, remember, creating a safe cyber space in your organization isn’t an idea that starts and ends with IT. Human Resources is a critical component in the design and implementation of any cyber security strategy. Often, SMB owners feel investing so much into IT doesn’t offer great returns–which may be true in some cases. Some of the reasons for this include-

  1. Your in-house IT staff may not have enough work to stay occupied full-time
  2. When you have an in-house IT team, there are other costs that come with it, that are generally HR-related, such as training costs, employee benefits, medical insurance, 401(k) etc.,

As a result, sometimes, SMBs tend to resort to the firefighting approach to IT problems, which means, they reach out to an IT service provider when they face an issue. However, more often than not, it is too little, too late and also, too expensive.

You can lose more in a cyber attack than you can imagine

One of the errors many smaller firms make–and some larger ones–is that they really don’t understand the broad-reaching effects of a cyber attack. If someone breaks into your home and steals a laptop, you may think “ well, insurance will pay for the laptop and the broken lock, let’s move on.” In reality, that usually isn’t the end of the story. It may take you a really long time to feel safe in your home. That’s the same problem that develops when your customer’s data is compromised. They may no longer trust you with their data and find someone else to do business with. The results of a cyberattack are far-reaching. If you think getting your stolen data back or your system back up and running is the end of a cyberattack episode you are wrong! No matter what industry you operate in, there are certain compliance and regulatory requirements that need to be followed. Apart from the obvious damage to immediate business revenue and reputation caused by business interruption and downtime, a data breach has far-reaching consequences on the legal front as well. Many firms never recover. Along the same lines, did you know that there are situations wherein you don’t even have to be the actual target to be the victim of a cybercrime? Sounds crazy, doesn’t it? But it’s true. If you have vendors or subcontractors, with whom you share business data, a data leak at their end could implicate your business as well.

Perhaps the most important element here is ensuring that you, as an organization, understand that cybersecurity responsibility has to begin at the C-level executive office. Like all successful corporate priorities, the initiative and drive has to start at the top. But it cannot end there. It has to be a top-down approach, whereby C-level leaders consider cybersecurity to be a priority. But it is not up to the CEO or CTO alone to ensure its success. Like we’ve said before, all it takes is one click and your entire IT infrastructure can come down like a house of cards. And that one click can come from anywhere. It could be Brenda from accounting who thought the link Sam from finance was sharing had cute dog pictures. What’s worse, it doesn’t even have to happen at work or on one of your computers in the office. With remote work and BYOD becoming the norm, one of your employees using their phone to check or reply to a work email can become an infection source unintendedly. What does this mean? Education at the level of the individual employee is critical to the success of your data hygiene initiatives. Everyone on your team has to have an understanding of the dangers lurking in cyberspace and learning how to identify and avoid cyberthreats such as phishing, clone sites, ransomware, virus and other malware.

Think you are too small to be a cyber attack victim? Think again!

A recent study pointed out that SMBs are increasingly becoming targets of cybercriminals because their cybersecurity measures aren’t as strong, sophisticated, or effective as those of large companies. Often, SMB owners tend to think they are too small to be targeted; in fact, their size and lack of cybersecurity measures make them an easy target for cybercriminals. This blog focuses on what small- and medium-sized businesses need to understand about cybersecurity.

One of the first things to understand is–no matter how lucky or careful you are– cybersecurity breaches are bound to happen. You are, at any point in time, just one click away from getting your entire IT network or data compromised. While this truth is the same for both smaller and bigger organizations, as an SMB the impact on your business, revenue, and brand is likely to be far greater when compared to a bigger company.

Second, the landscape of cybercrime is constantly changing. The more security features and components you have in place, the more cybercriminals are changing their tactics. So, you need to be constantly on your guard to keep up with them and fortify your IT infrastructure from a security perspective.