ostrich 300x202

Small Business Cyber Security: The Ostrich Effect

The following blog first appeared on the Secure ERP blog. It is reprinted here with permission.

 

ostrich 300x202

Some small business owners will realize Iโ€™m describing them after they read this blog, but then those same c-level guys wonโ€™t see it and even if they do, they wonโ€™t read it, because they donโ€™t want to know.ย  Actually, thatโ€™s not really fair.ย  These business managers donโ€™t understand technology and donโ€™t have time to understand it.ย  Frustrated by the whole situation, too many CEOs assume theyโ€™re completely invulnerable or, as my title implies, they develop The Ostrich Effect.ย  Letโ€™s look at why either stance is a disaster waiting to happen.

Invulnerable Until It Happens

It reminds me of teenagers not wearing seat belts.ย  Theyโ€™ll be careful; they wonโ€™t get in an accident.ย  Honestly, I was never worried about how my kids drove, but more so the other crazy drivers out there.ย  Cyber Security is similar in thatย youย can do everything right.ย  However, if you havenโ€™t trained your employees,ย theyย may unintentionally expose your business to cyber criminals.ย  The company owner may also think, โ€œHey, I let my IT guy worry about it.โ€ Is that your attitude to your entire business? If youโ€™ve hired an accountant, you never check the bank account or review the books?ย  Now do I expect you to ask to review your firewall rules? Of course not. But I expect you to ask your IT guy what layers he’s using to secure your business. Also ensure they carry Errors & Omissions Insurance to cover YOU in case they commit some form of negligence.

Ignored Until It Hits The Fan

Trust me, I get it.ย  I sometimes feel like that life insurance agent saying โ€œItโ€™s not a matter of IF, but WHEN.โ€ย  Occasionally, Iโ€™m treated that way too.ย  Because there are about 15 different layers of security a business can implement, selecting the most cost effective layers truly is a daunting task.ย  This may be why 85% of IT firms don’t bother with a cyber security service at all.

Insecure:ย  In a July 2017 study, 85% of MSPs donโ€™t offer clients any form of cyber security services โ€“ย โ€œState of North America Managed Servicesโ€ prepared for Barracuda MSP by the 2112 Group
Here are the top 3 layers I ensure are implemented properly first. And just saying you have them doesnโ€™t make it pass muster. The Titanic was unsinkable.

  1. Business Continuityย (previously called Backup/Disaster Recovery) Backing up to USB hard drives doesnโ€™t cut it anymore. Ask me and Iโ€™ll lay out the business reasons why.
  2. Employee Trainingย โ€“ Statistically, your employees are your weakest link without training.
  3. Advanced Endpoint Protectionย (you call it โ€œAnti-Virusโ€) If what you have installed isnโ€™t Behavior-based and covered by a 24/7 Security Operations Center, you arenโ€™t covering this base anymore. The attacks have surpassed the capabilities of legacy, signature-based anti-virus. Itโ€™s better than nothing, but not much more than that. Here’s the best protection I’ve found so far.

Obviously, Iโ€™d like your business to have a few additional layers and if you hire me Iโ€™ll recommend what I think will BEST keep you safe.ย  Turn them down and Iโ€™ll ask you to acknowledge you were warned.ย  I have to protect myself from the Ostrich too.

More on blogs

Where AI Meets Cybersecurity: A Practical Starting Point for MSPsย 

MSPs are already their clientsโ€™ trusted security partner. Adding AI guidance to your services isnโ€™t a stretch - itโ€™s the logical next step.

Helping Clients Navigate AI-Powered Business Email Compromise: Turning Risk Into Readiness

Take the First Step

Experience Training That Makes a Difference

during the demo youโ€™ll:

Take the First Step

Experience Training That Makes a Difference

During the demo youโ€™ll: