Outsourcing is Key to Small Businesses’ Cyber Security
Cybercrime has continued to dominate the news in 2016 – including phishing attacks, malware and ransomware. As attacks grow in sophistication and frequency, businesses of all size are at risk. But small businesses in particular are increasingly becoming the targets of hackers. According to Symantec’s 2016 Internet Security Threat Report, phishing campaigns last year targeted small businesses 43 percent of the time, which is up nine percent over 2014. What’s more, ransomware attacks are also on the rise, growing 35 percent in the same timeframe.
With Cyber Security Awareness Month in full swing and the need to protect company assets growing in importance, small businesses are often left wondering what they can do to mitigate risk and reduce damage if they are the next target. What is often the hardest for small businesses, and home business owners in particular, is committing resources and time to their cyber security on an ongoing basis. Cyber security is not as simple as installing an application and walking away. Some of the largest companies have been infiltrated despite significant investment, and small businesses have a higher risk when they try to maintain their own security. This is where outsourcing technology comes in.
Outsourcing IT gives business owners access to a network of professionals to handle cloud-based applications and daily remote monitoring and maintenance (RMM) to protect against cybercrime as well as disaster recovery processing should an attack occur. By managing everything from website functionality and cloud migration to technology updates and data backups, outsourcing partners ultimately provide small businesses with the business continuity they need to compete.
Cyber Risks and Outsourced Resources
The best way to illustrate the true value of outsourcing IT for RMM and disaster recovery is to look at it from the perspective of a small business that manages its own IT operations, including security.
Take for example a small retailer that may rely heavily on its public-facing website for business operations. This is a vehicle for them to showcase their brand and interact with customers, and it serves as a platform for sales and service. Without having a brick and mortar store, they rely on their website for eCommerce sales, which is core to their business.
One day the owner of this company may get an email that asks the owner to click a link to view new shirt designs that look like they would fit in well with the retailer’s current offerings. Unbeknownst to this owner, this is a phishing email. After clicking on the link the retailer’s computer is instantly infected with malware that locks the owner out and demands that the company pay a ransom to access its files and the website’s back end. This particular hacker takes it a step further, threatening to shut down the retailer’s website if payment is not received within 48 hours. With insufficient data backups in place and not wanting to lose business, the retailer decides to pay the ransom via Bitcoin.
Unfortunately, this scenario is all too common – according to a recent report from PhishMe, 93 percent of phishing emails are now ransomware. And, oftentimes victims pay up rather than struggle to recover the data by other means – just like the retailer. But cyber criminals are just that – criminals. There are even times that hackers do not keep up their half of the deal and stop businesses from accessing the files they paid to have released. Or, they let businesses regain access and lurk within the infrastructure, waiting to cause additional damage. In the case of the small retailer, the hackers may wait until peak season for sales such as the holidays to strike again, knowing the owner would be anxious to pay in hopes of not losing business.
If this retailer were to have an outsourcing partner in place prior to receiving this phishing email, a number of factors would have been different and the risk of losing business would have been reduced dramatically. For example, an outsourcing partner could remove the business’s on-premises email server and migrate it to the cloud via solutions such as Office365. Small businesses cannot easily put the level of security in place that is achievable in a robust cloud environment. On top of this, they don’t have the resources to assess ongoing vulnerabilities of applications, such as on-premises email. The partner would ensure that mailboxes are migrated successfully, including setting up the appropriate security, access and archiving options. Enhanced security tools that integrate with Office365 may also be required to provide proactive monitoring, ensure software updates and protect against advanced attacks such as phishing emails. An outsourcing partner could oversee these technologies and ensure that updates are conducted regularly to maintain the highest level of security.
Another key capability of an outsourcing partner is backup and disaster recovery as a service (DRaaS) delivered via the cloud; this acts as an insurance policy and enables a quick return to operation (RTO) should a disruption occur. Many small businesses, such as the retailer discussed above, are operating with insufficient backup and disaster recovery. This means that if they are the victim of ransomware, they seemingly have no choice but to pay the fine to regain access to their files and restore business as quickly as possible. Recreating business data can take days if not weeks, in which a small business could be completely taken down. While an outsourcing provider can come in after a breach and help rebuild the business, having it in place to conduct regular backups prior to such an incident means that paying the ransomware is not the only option. From secure cloud-based capabilities to DRaaS, the advanced support an IT outsourcing partner can provide can be priceless. But, once a business recognizes the advantages of leveraging an outsourcing provider to provide these capabilities, it then needs to know what to look for when selecting a partner.
Tips for Selecting the Right Partner
When deciding to outsource IT for RMM and disaster recovery, there are a few considerations small businesses should keep in mind. First and foremost, the partner should be proactive. That provider should use tools to monitor desktops, firewall servers and other areas of intrusion such as email servers and be proactive about reporting any issues to management. The partner should also have the skills to resolve these issues – a good partner can do both, with a strong commitment to communication. Along the same lines, the outsourcer also needs to take ownership of keeping the business up to date on software, such as antivirus. There are new viruses every month, and having a partner devoted to keeping the business current on any updates is critical to safeguarding information.
The partner should also provide the business owner with access to monitoring tools that demonstrate the success of the outsourcing program, including successful completion of backups. Such tools provide alerts, analytics and reports to gain insights about how the businesses’ assets are properly protected and recoverable, and where opportunities for optimization may exist for storage, performance and other factors.
When it comes to disaster recovery specifically, it’s critical to ensure the DRaaS agreement contains an understanding of the frequency of testing the business’s disaster recovery capability, including the partner’s role in supporting the test. A disaster situation should not be the first time these capabilities are tested. Ideally, disaster recovery should be tested two times a year, and a minimum of once a year.
With cybercrime on the rise, business owners need to be more vigilant than ever about protecting assets, backing up data and having a recovery plan in place should a hack occur. Small businesses, and in particular home-owned businesses, often don’t have the time or staff to maintain their own security. By outsourcing IT such as RMM and disaster recovery, these organizations are better equipped to avoid threats and restore operations should they fall victim to an attacker’s advanced tactics. IT outsourcing partners act as an extension of the team, providing 24x7x365 support to mitigate risks and keep business up and running.
The post Outsourcing is Key to Small Businesses’ Cyber Security appeared first on Home Business Magazine.