There is no one simple solution that will eliminate all business security risks. However, organizations can build a robust internal culture of security that can profoundly decrease those risks. This approach starts from the top down.
Leadership must take a holistic approach to security because the risks are extremely high. The average cost of an attack is nearly $3,000,000. That number includes ransomed accounts, system outages, and downtime. According to a 2018 report, 40 percent of small-to-medium businesses experienced eight or more hours of downtime due to a breach.
These are a few of the efforts that businesses with a robust culture of security make:
- Regular security awareness training for employees. Your employees are vital to your success but are also your organization’s weakest security link. A properly trained employee, for example, would know how to spot phishing attempts. But of the millions of spam emails sent daily that filters don’t block, nearly half are unknowingly opened.
- Thorough assessments. You can’t protect what you can’t find. Businesses that haven’t had standard policies in place governing how, where, and when customer data is used and shared have likely exposed that data to risks. For example, maybe you make sure sensitive customer data isn’t stored in employee email inboxes, which is very risky. But have you also made sure the info isn’t being stored in the email Sent folder? Do you know if your company copier stores copies of the data sent and received? A thorough security assessment will tell you the many places your data is hiding.
- Configurations. When you purchase equipment, software, or subscriptions, be sure to configure any of the services that can protect them. If you don’t, it’s essentially the same as having a high-tech home security system installed and never turning it on.
- Real-time monitoring. When a business purchases managed security software, such as a SIEM, it’s vital that the product be properly configured and monitored on a 24/7 basis. If nobody is addressing a threat in real time, the system is a waste of money and provides a false sense of security.
- Preventative maintenance. All operating system patches and updates are essential to keeping your system up to date and safe from malware and other threats. Patches can:
  - Address a specific bug or flaw
  - Improve an OS or application’s general stability
  - Fix a security vulnerability
- Outsourced management, infrastructure and IT services. The main reason companies hire managed service providers is for their security expertise. An MSP has a team of highly certified IT network experts and security specialists whose sole responsibility is to partner with your leadership team to ensure your success with operational quality, cost-effectiveness, security, and more. Managed security is like putting a 12-foot chain-link fence around the entire perimeter, along with armed guards who patrol 24 hours a day, seven days a week. They are constantly watching in an active state. If someone attacks the property, the MSP immediately addresses that threat.
Rusty Goodsell serves as the Director of Sales for C Spire. He has over 15 years of experience building IT strategies for businesses of all sizes in a variety of industries.