Small Business Cybersecurity - Don’t Stick Your Head in the Sand!

2 Ways to Avoid the Small Business Cybersecurity Ostrich Effect

Are you a small business owner suffering from the Ostrich Effect when it comes to small business cybersecurity? When it comes to keeping up with the latest cyber threats, it takes much more time to stay up to date than most business owners or managers have time to spend. As cybersecurity professionals that help protect small businesses from attack, we encounter many small business owners that assume they are safe when they are in fact dangerously vulnerable.

There are 2 common reasons business owners don’t take the necessary precautions when it comes to protecting the business from cyber-attack. Business owners develop The Ostrich Effect because they have a false sense of security because they enlist an IT resource to keep after those things or ignoring it is less stressful than worrying about it. Let’s look at why either stance is a disaster waiting to happen.

2 Reasons Small Business Cybersecurity Causes  Owners to Stick Their Head in the Sand

1. We’re Safe Because We Took Precautions

Taking care of protecting your small business with cybersecurity is like putting on your seat belt each time you drive. You can do everything right, but accidents still may happen. Even if you think you’ve taken precautions to protect your business, if you haven’t trained your employees, they may unintentionally expose your business to cybercriminals. The company owner may also think, “Hey, I let my IT guy worry about it.” Is that your attitude to your entire business? If you’ve hired an accountant, you never check the bank account or review the books? Now do I expect you to ask to review your firewall rules? Of course not. But I expect you to ask your IT guy what layers he's using to secure your business. Also, ensure they carry Errors & Omissions Insurance to cover YOU in case they commit some form of negligence.

2. If We Ignore It Maybe It’ll Go Away

When I educate small business owners about small business security, I sometimes feel like that life insurance agent saying, “It’s not a matter of IF, but WHEN.” Occasionally, I’m treated that way too. Keeping on top of security is a daunting task for anyone since there are about 15 different layers of security a business can implement. Who could know how to go about, selecting the most cost-effective layers truly? This may be why 85% of IT firms don't bother with a cybersecurity service at all.

One report reveals how little cybersecurity is adequately provided by Managed Service Providers (MSPs): In a July 2017 study, 85% of MSPs don’t offer clients any form of cybersecurity services – “State of North America Managed Services” prepared for Barracuda MSP by the 2112 Group

Here are the top 3 layers I ensure are implemented properly first.  And just saying you have them doesn’t make it pass muster. The Titanic was unsinkable.

1. Business Continuity (previously called Backup/Disaster Recovery) - Backing up to USB hard drives doesn’t cut it anymore. Ask me and I’ll lay out the business reasons why.
2. Employee Training – Statistically, your employees are your weakest link without training.
3. Advanced Endpoint Protection (you call it “Anti-Virus”) - If what you have installed isn’t Behavior-based and covered by a 24/7 Security Operations Center, you aren’t covering this base anymore. The attacks have surpassed the capabilities of legacy, signature-based anti-virus. It’s better than nothing but not much more than that. Here's the best protection I've found so far.

As a small business cybersecurity consultant, I recommend that you have a few additional layers of protection. I help assess your situation and make recommendations on what I think will work BEST keep your business safe. If you decide to not implement the suggestions, I’ll ask you to acknowledge that you were warned. I must protect myself from the Ostrich, too.

SEE OUR RELATED ARTICLE: Ransomware is a “Risky Business” Epidemic

DOWNLOAD OUR FREE GUIDE: The Top 10 Ways Hackers Get Around Your Firewall and Anti-Virus to Rob You Blind 

Secure ERP, Inc.

We are cyber security & ERP integration advisors in central Indiana with over 25 years of experience supporting small to medium-sized businesses. Founded by a CPA & Sophos certified security engineer/architect, Secure ERP is dedicated to our client’s cybersecurity & growth objectives. We are a certified TRAVERSE consultant firm and also work with SYSPRO ERP.

Contact Secure ERP, Inc. today!  Email us, call (317) 290-8702 or visit us at: www.secureerpinc.com.

About the author, Rick Rusch | Cyber Security Evangelist

For over 25 years Rick has helped companies utilize technology safely & productively. Recognizing the dangers of the Internet age several years ago, Rick has passionately focused on cybersecurity to help clients guard their reputations & their most precious asset, their digital data.

Another version of this blog was previously posted on SecureERP Inc's Blog - SMALL BUSINESS CYBER SECURITY, THE OSTRICH EFFECT

Photo courtesy of freedigitalphotos.net by "anankkml"