As the number of interconnected devices grows, we need to reconsider what cybersecurity really means. Deploying anti-virus tools and firewalls only takes a company so far in defending against attacks, and a more holistic approach to protecting data and IT assets is necessary.
Cybersecurity today affects everything that’s technology-enabled. Whether you’re developing software, building networks, or integrating disparate technologies that may not necessarily fit within the traditional boundaries of IT, there is always a security component to consider. This clearly places a burden on solution providers who must run their clients’ IT environments with maximum uptime, but also protect their data and networks. Even if you don’t have cybersecurity expertise beyond the basics, you need an understanding of threats and risks, especially “shadow IT” areas such as the Internet of Things (IoT) and VoIP, to steer clients away from dangerous territory.
For starters, you need to understand the technologies your clients employ. Do they have VPN connections to employees and B2B links to third parties? Have they started to install IoT devices? Do they control their voice systems and physical security via their network? The more you know, the more conversant you will be in explaining potential dangers and how to avoid them. This knowledge will also prepare you to better alert clients on the security ramifications of interconnected systems, so they don’t assume they’re secure simply because they have AV tools and firewalls.
Not Immune from Cybercrime
Small businesses often consider themselves immune from cybercrime, assuming they have nothing hackers would want or are too small to arouse interest. But all companies, big and small, handle valuable data that can be highly profitable to cybercriminals, such as health records, credit card credentials, and intellectual property.
Many small businesses connect digitally to larger partners, and if they don’t have adequate security systems in place, they put themselves and their partners at risk. The November 2013 Target breach and a 2015 attack on the federal Office of Personnel Management reportedly were both facilitated by third-party vulnerabilities. This is why it is imperative that solution providers explain to clients that they have certain security responsibilities when they are part of a digital ecosystem.
Solution providers must educate small business clients on the dangers and potential ramifications of failing to properly secure their data and networks. Providers should take a consultative approach to helping clients select technologies and set user policies to avoid putting their businesses and their partners at risk. Solution providers also can address the persistent misconceptions around cybersecurity. Not every breach or hack is a major problem, for example. We on the front lines must clear up the confusion for clients.
Providers can use such incidents as teaching moments, explaining the types of risks—from robotic threats to targeted, state-based advanced attacks—so clients get a better understanding of how to defend against them. Cybersecurity requires a multilayered approach involving tools, training, action, and a continual state of alertness to keep up with new threats and take action to address them.
RON CULLER is co-founder of Secure Designs and serves as the CTO, technology architect, MSS visionary, and security evangelist for the company. With more than 23 years of experience in technology, security, and the channel, he is a disruptive thinker actively engaged in expanding the understanding of security and technology for businesses of all sizes.