The following blog first appeared on the Secure ERP blog. It is reprinted here with permission.
Some small business owners will realize I’m describing them after they read this blog, but then those same c-level guys won’t see it and even if they do, they won’t read it, because they don’t want to know. Actually, that’s not really fair. These business managers don’t understand technology and don’t have time to understand it. Frustrated by the whole situation, too many CEOs assume they’re completely invulnerable or, as my title implies, they develop The Ostrich Effect. Let’s look at why either stance is a disaster waiting to happen.
Invulnerable Until It Happens
It reminds me of teenagers not wearing seat belts. They’ll be careful; they won’t get in an accident. Honestly, I was never worried about how my kids drove, but more so the other crazy drivers out there. Cyber Security is similar in that you can do everything right. However, if you haven’t trained your employees, they may unintentionally expose your business to cyber criminals. The company owner may also think, “Hey, I let my IT guy worry about it.” Is that your attitude to your entire business? If you’ve hired an accountant, you never check the bank account or review the books? Now do I expect you to ask to review your firewall rules? Of course not. But I expect you to ask your IT guy what layers he’s using to secure your business. Also ensure they carry Errors & Omissions Insurance to cover YOU in case they commit some form of negligence.
Ignored Until It Hits The Fan
Trust me, I get it. I sometimes feel like that life insurance agent saying “It’s not a matter of IF, but WHEN.” Occasionally, I’m treated that way too. Because there are about 15 different layers of security a business can implement, selecting the most cost effective layers truly is a daunting task. This may be why 85% of IT firms don’t bother with a cyber security service at all.
Insecure: In a July 2017 study, 85% of MSPs don’t offer clients any form of cyber security services – “State of North America Managed Services” prepared for Barracuda MSP by the 2112 Group
Here are the top 3 layers I ensure are implemented properly first. And just saying you have them doesn’t make it pass muster. The Titanic was unsinkable.
- Business Continuity (previously called Backup/Disaster Recovery) Backing up to USB hard drives doesn’t cut it anymore. Ask me and I’ll lay out the business reasons why.
- Employee Training – Statistically, your employees are your weakest link without training.
- Advanced Endpoint Protection (you call it “Anti-Virus”) If what you have installed isn’t Behavior-based and covered by a 24/7 Security Operations Center, you aren’t covering this base anymore. The attacks have surpassed the capabilities of legacy, signature-based anti-virus. It’s better than nothing, but not much more than that. Here’s the best protection I’ve found so far.
Obviously, I’d like your business to have a few additional layers and if you hire me I’ll recommend what I think will BEST keep you safe. Turn them down and I’ll ask you to acknowledge you were warned. I have to protect myself from the Ostrich too.