Why SMEs Should Get Expert Help with Cyber Security

Cyber security is a complex topic, so it is essential to get expert help. As a result, and particularly for SMEs, it is better to find an experienced IT partner than to try to do it all in house.

No-one starts a business in order to become the victim of cybercrime but there is now a responsibility to ensure that your data is safe – partly because your data includes that of your customers and suppliers.

We know that cybercrime risk is increasing; the threat is continually evolving while, at the same time, the number of incidents is growing. To make matters worse, the increasing digitalisation of our lives and working environments increases every organisation’s potential attack surface.

Furthermore, many digitalisation initiatives don’t incorporate the necessary security considerations. It can be confusing but the help required is available.

How can SMEs respond?

The average small to mid-size business can’t afford a qualified cyber security expert. People with the right qualifications, experience, and certifications don’t come cheap.

Consider, too, that to ensure proper coverage – especially over holidays and sickness – and the necessary degree of security over succession planning, you would really need to employ two such individuals, which just isn’t practical for a small business.

A shortage of the right skills

2018 research by ESG found that – as in the preceding four years – cyber security professionals are the most sought-after IT professionals. 51% of surveyed organisations reported a “problematic shortage” of cybersecurity skills. They reported that cyber security is the area of IT skills where their organisations have the biggest, most problematic shortage.

Any one of these factors could put the recruitment and retention of an effective person beyond the reach of most SMEs. Together, they create a perfect storm which is leaving SMEs without recourse to the cyber security skills they need to protect their business, systems, data and people.

These very same drivers – the expense and the shortage of cyber security skills – make it vital for SMEs to find experienced, qualified partners to whom they can turn to help them develop the right levels of cyber security for their organisations.

Managing an increasing and evolving risk

There are many elements of cyber security that organisations can – and, probably, could – do for themselves. This includes the management of user administration and the implementation of starters and leavers policies, for example.

However, there are other aspects of cyber security where it is advisable to seek specialist or expert help. Installing and maintaining firewalls and VPN management are two areas where it is particularly useful to outsource. These are specialist skills and can be time-consuming to manage effectively. They need ongoing management and you need to stay up to date with the latest security standards and compliance issues.

Updating software, virus/malware scanning and content filtering are even more likely candidates to outsource. They are very specialist skills and you really need to stay up to date on what’s new. Partnering with a company that does this for a living is a sensible precaution.

How to get outsourcing right

The important success factor in all this, of course, is to be very clear about why and where you need help. Most importantly, you need to define requirements and the boundaries of responsibility contractually.

This means talking to your outsource partner to define what is necessary and what you can expect from their service. For example, how will updates be managed? Who has responsibility for applying security patches? For which applications? And how frequently?

In some ways, defining the contractual responsibilities is another job you’d probably like to outsource. And this makes finding the partner – and asking the right questions – absolutely essential.


If you currently outsource your IT support, are you aware of what security measures your provider has in place? Moreover, what do you actually know about your provider? How are they qualified to protect you, and what certifications do they or their business hold?

Those are the really important questions these days.

In their 2019 Annual Review, the NCSC quote Dr Emma Philp of the IASME Consortium, soon to become the sole Accrediting Body for the Government’s Cyber Essentials Scheme:

“We are increasingly seeing the Cyber Essentials scheme being used successfully as a scaffold for the smallest of organisations to implement basic cyber security controls. The assessment questions are a structured way for small companies to become more educated and question their IT providers on security controls, helping to protect their business”

The key fact to remember is that outsourcing may well make sense so that you can easily and cost-effectively access the skills you need, but outsourcing doesn’t mean an end to your responsibilities. Ultimately, the buck stops with you; it is you who is responsible for your employees’ and customers’ personal data, for example.

So, just because you outsource doesn’t mean you should let go; outsourcing is about partnership.

And if you go into it seeking partnership there will be other benefits too – you can focus on your business and thrive in a safer working environment.

