Having an IT Person Doesn’t Mean You’re Secure

Increasingly, small businesses know that Cybersecurity is something that they should do…in fact that they must do. Many rely on outsourced IT providers or Managed Service Providers for this function. Outsourced IT and MSP providers serve important roles for smaller businesses and can help a business out with everything from computer setup and support to phone systems to other critical technology related services. However, just like any other provider in any other industry, most tend to be better at certain things more than they are at others. Some are well versed in cybersecurity, and some are not. A common refrain we hear when we talk to the owners and executives at smaller companies when asked about their cybersecurity is “I’m good…my I.T. person handles that”. Much of the time we find that they are entrusting these providers with the security of their business and not really understanding what is being done (or not done) on their behalf to protect them.

‍

This is a mistake. You wouldn’t hire a Financial Advisor without interviewing them, getting to know them, and asking some tough questions about where and how your money is going to be invested. You sit down and get to know them first. You ask tough questions. You make sure you are aligned on goals and expectations. Once you hire them, you most likely are meeting with them regularly, maybe quarterly, to track how things are going. You also would most likely have access to a brokerage account that they are using so you can monitor your assets and understand what is being done on your behalf. In other words, you are clear on who they are and what they will be doing for you because what they are doing is very important.

‍

You may be asking yourself…”If it happens so often to smaller businesses, then why don’t we hear about it more? I only hear about hackers hitting large companies.”

‍

The same kind of effort, transparency, and vigilance should be pursued when you are entrusting the security of your company and data to an outsourced provider. Just like you wouldn’t want to suddenly lose all your money, I can assure you that you do not want to wake up one day to find out that you have suddenly lost all of your data. And yet it happens all of the time...more than most people think. You may be asking yourself…”If it happens so often to smaller businesses, then why don’t we hear about it more? I only hear about hackers hitting large companies.” The truth is that only companies of a certain size are required by law to disclose cyberattacks and loss of sensitive data. Smaller companies are not required to report these attacks, and they usually do not. Why not? Mostly because these attacks are not only very damaging to them, but they are very embarrassing to them as well. While what mostly gets talked about after an attack is monetary loss, ransom payments, and the interruption to the business, it’s often the embarrassment and reputational damage to businesses that is the most damaging.

‍

Make sure that instead of just lulling yourself into believing that your outsourced provider has ”got it” when it comes to your cybersecurity, that they actually do. As important as phones, laptops, and other IT services are, cybersecurity is probably the most important service that they offer where you as the client have the most to lose if it is not done correctly. Do the research. Sit down with your provider and ask the tough questions. Make sure you know what is being done on your behalf.  It might be the most important thing you can do to protect your business, and it shouldn’t be done on assumptions and faith.

‍

If you or your IT professional are curious about improving your cybersecurity, we’d be happy to help.