Investing in cyber security services can be a daunting task for small to medium businesses (SMBs). The increasing threats coupled with a complete lack of understanding as to what to do, makes the task seem impossible.
No doubt there are plenty of experts in the form of Managed Service Providers (MSPs) that can advise you. The challenge however, is that these engagements can be equally confusing to leaders of SMBs.
So what should you do?
The first thing you should realise is that any investment into cyber security services should be business led, not technology led. With this in mind, there are 3 key things you should know before signing up your SMB to new products & services.
In many ways this concept is no different to traditional security. If you were looking at protecting a building you would start with the value of the contents. Likewise, cyber security discussion should start with the value of your data.
When considering your data's value, you need to keep a few things in mind. Your data may not be worth much on the open market, but it is valuable to you. Be sure to consider:
Understanding the value of what you stand to lose in a significant cyber breach is the first waypoint in identifying the best path forward. The amount of money you invest in cyber security services should be relative to your risk.
Every business has unique strengths and weaknesses. Given that no SMB has the resources to do everything by the book, priority should be given to the areas most vulnerable.
As an example, a business with significant IP or sensitive information may need to prioritise encryption, network protection and user access controls. Likewise, a manufacturer with high transactions and tight turnaround times may need to prioritise recoverability above all else.
Your weaknesses are not defined by technical capabilities & hardware. Rather, they are the critical functions of your business that deliver value to your clients. If you have delivery guarantees, you have a vulnerability in productivity. If you have clients that require levels of assurance around your data management, you have a vulnerability in compliance.
Knowing the top 2-3 things that could negatively impact your business operations is key to knowing how to effectively invest in cyber security services.
There has been a growing list of requirements on SMBs and their data management in recent years. Commonly this has been related to two major factors:
If your business is beginning to be effected by the changing tides, this should be factored into your spending. Many requirements being pushed to SMBs can take several months or even years to implement. You don't want to end up in a position of being unable to sign new revenue due to poor cyber security practices.
The combination of these 3 'knows' should inform an appropriate level of spend for your business. There is a sweet spot in spend when it comes to cyber security products & services that differs from business to business.
Spending too little results in little to no measurable benefit. Likewise spending too much has diminishing returns and is better spent elsewhere. Finding this sweet spot often proves to be the most difficult aspect for SMBs.
Once you have determined an appropriate level of investment, the next major component is understanding how to best allocate those resources. As discussed above, understanding your businesses vulnerabilities is key.
An effective cyber security strategy understands risk, priorities, and distributes efforts for maximum effect. You don't have to do everything at 100%, but you should weigh investment towards the areas most important to you.
Putting the above into action can be easier said than done. It can be hard for SMBs to correctly evaluate the value of data and vulnerabilities in the business.
We have significant experience in having these exact conversations. If you're concerned about cyber security in your business, but are not comfortable having this conversation internally or with your existing MSP, consider giving us a call.
Alternatively, you can book a chat directly with us at a time that suits you to learn more.