CYBER SECURITY | 6.5 MIN READ
According to a 2018 report compiled by Verizon, 58% of cyber attack victims were small businesses. While many may think that large corporations are the main target, they aren't. This is because SMB's have less resources to dedicate to cyber security, which makes them easier targets. Keep reading to learn what IT options are available to your business.
Not enough time? Jump to:
Option 1: Break/Fix
Break/fix solutions tend to come in the form of hourly support. For businesses with smaller budgets, they could find it beneficial to, from a basic standpoint, manage their IT themselves with the installation of basic software such as an antivirus, and then pay a break/fix company to remedy issues that crop up.
Small businesses that are just starting off may not have the funds to pay for an entire team of IT personnel, whether it's internal or through a third party.
By managing what you can yourself on a basic level and paying only for hourly break/fix support when you really need it, you can have some form of IT at a lower cost. An example of a break/fix solution is Best Buy's Geek Squad.
Break/fix solutions are a reactive, not proactive, approach to cyber security. Break/fix doesn't offer any active network monitoring options for cyber threats. This means that in reality, the management of your network's security on a day-to-day basis is left up to you.
With break/fix IT, you only use their services when an issue pops up. While in the short-term this thinking can make sense, in the long-term it is inefficient and ineffective.
In terms of inefficiency, you may experience extensive downtime with break/fix IT. Since they're not internal IT or a third-party vendor that you're a client of, it can take them longer to remotely access your network and find the source of the problem.
With internal or managed IT, since they're constantly monitoring your network and have installed various security software, they are made aware of problems before you even know you have them.
Additionally, in the event that an employee requests IT assistance, internal or managed IT vendors can check those software to find the root of the issue, as opposed to a break/fix technician who knows nothing about your network and doesn't actively monitor your security software for issues.
RELATED: The True Cost of Downtime
In general, businesses with the funds for additional IT support shouldn't use a break/fix IT solution.
Along with being inefficient, the costs for break/fix service calls can quickly add up. With other IT solutions, you simply pay a flat rate to have service calls included.
The unpredictable nature of computer issues means that you may randomly have to pay thousands for break/fix support, which can be expensive and hard to budget for.
Additionally, break/fix is only cheaper if you're using it for the occasional hardware fix, not for putting out massive "fires" or consistent hardware, software, and user issues.
Option 2: Internal IT Department
By building your own IT department from the ground up, you can customize it as you see fit.
You can hire employees with the exact qualifications and experience that you prefer. Since you have intimate knowledge of your company and its needs, you know exactly how many employees will be sufficient enough for an IT department.
Additionally, you can customize all the hardware and software that you'll have in your network. This includes everything from email filtering and antivirus to firewalls and servers.
Those that prefer a hands-on approach to cyber security may gravitate towards in-house IT. Since they're right in the office, you can physically visit your IT department any time you want with questions and concerns.
Being able to have an in-person conversation with your IT department instead of a phone call or email can be valuable for getting issues solved quicker and giving you peace of mind.
When you build an in-house IT department, the costs can quickly add up. You have to pay for the salary and benefits of every full-time employee, which becomes sizable if you're trying to build an entire team.
You also have to pay for all equipment that's essential for your team to effectively do their jobs. This means buying expensive workstations. Just one computer with enough processing power for an IT employee to do their job can cost close to $2,000.
For your IT department to effectively manage workflow and protect your network, you'll also need to buy or lease a variety of cyber security and management software.
Security software could include everything from antivirus to email filtering. Management software includes a ticketing system to handle requests for IT support.
Though having your IT department in-house would seem like issues would be solved quicker, sick leave and vacation time poses potential issues for productivity.
For instance, if your department is comprised of a few employees and one or two leave for vacation or sick leave at the same time, then less employees bear the brunt of more work.
Additionally, in-house staff are constantly bogged down by low-level complaints. Other employees can take advantage of the fact that they can walk down the hallway to solve issues, which means that they could visit the department every time they have a problem, no matter how small.
This can take in-house employees away from their main job − monitoring and protecting your network. Additionally, because in-house employees tend to work the normal 9-5 Monday-Friday hours, response times may be slower if an emergency happens outside of normal business hours.
On the other hand, with managed IT, you can sometimes pay for 24/7 service, which ensures that all emergencies, even those that occur outside business hours, are promptly responded to.
Option 3: Managed IT Services
While managed IT services may seem expensive, it can actually end up being cheaper than hiring in-house. When you hire in-house IT, you have to pay for the salary and benefits of each full-time employee in that department along with a host of additional costs.
In comparison, the salary of just one full-time in-house IT employee can pay for an entire managed IT package, which gives you a whole team of experts at your disposal.
While there are a few different pricing models for managed IT, all of them are cheaper than building an in-house department.
Building your own IT department takes a lot of time and effort. After taking time to allot space for a new department in your office, you have to interview and hire the right people.
Then, you have to work with those new employees to figure out what equipment is needed, and then execute the purchase and setup. This whole process can take months to properly execute. With managed IT, you simply sign with the right provider and then they take over from there.
After a visit to your office to set any new hardware and software up, your MSP is ready to work.
In-house IT personnel can quickly become bogged down with fielding low-level help requests from other employees, which can distract them from their main job of protecting your network.
By outsourcing your IT to a Managed Service Provider (MSP) you lower the risk of having an overwhelmed internal IT department.
The team that an MSP assigns to manage your company's cyber security is usually segmented into tiers, which assures you that any issue, ranging from simple fixes all the way up to severe issues like ransomware attacks, will be appropriately elevated to the right person depending on the severity.
When it comes to cyber security, working with third-party companies is almost unavoidable. While some companies may think that in-house staff can keep everything in-house, in reality they use third-party platforms to manage your network security.
While the thought of letting a third-party company manage the security of your data can sound scary to some companies, in reality, an MSP employs a variety of tactics to keep your data safe.
For instance, by creating a comprehensive Business Continuity and Disaster Recovery Plan, an MSP ensures that in the event of severe network outage, data loss will be kept to a minimal by restoring your network to the most recent backup, and that backups will happen as often as possible.
An MSP never gets complacent with your cyber security. They stay current on evolving trends and update your network accordingly to ensure that cyber threats don't make their way in.
If your business prefers more of a hands-on approach to cyber security then you may not want managed IT. With in-house staff, you can see and have face-to-face interactions with them on a day-to-day basis.
When you work with an MSP, you turn over the management of your network security to a third-party company.
While an MSP will keep you in the loop on major updates and emerging threats, signing a deal with them means putting your trust in them to effectively protect your network.
Companies who prefer to more frequently see updates and have a big hand in the decision-making process may not prefer managed IT. However, keep in mind that some businesses prefer a hands-off approach to cyber security as a means of taking the burden off internal staff.
RELATED: How MSP's Minimize Downtime
If You Want a Managed Service Provider...
As a Managed Service Provider (MSP), we understand that not every business is the right fit for our services. While we hope that this article clearly laid out the options your business has when it comes to IT, if you are considering managed services, we have a few tips about what to look for in an MSP.
If you are leaning towards a Managed Service Provider, here are some points to keep in mind.
Proactive System Maintenance and Upgrades
While your hardware and software might be brand new when your MSP first installs them, eventually they will become outdated. Be wary of MSP's that aren't vigilant about automatically updating your software as new versions emerge.
Ensure that your services contract allows for hardware upgrades as well as automatic software updates as they become available. Letting your MSP handle software upgrades also takes the burden of remembering to install these updates off of employees, which saves you time.
Along with automatically updating software and installing new hardware, your managed services provider should also proactively monitor your cyber security infrastructure for security flaws and patch any that arise.
Disaster Recovery Planning
4,000 businesses are victims of a cyber attack every day, and this number could keep growing in the future. In the event that your company is the victim of a cyber attack, waiting to make an action plan until an attack happens is too late.
Make sure your managed services provider will help you set up a contingency plan from the start of your contract that includes points such as the chain of command in the event of a cyber attack or network crash.
Additionally, on and off-site data backup is another major point that needs to be addressed in a contingency plan.
While a ransomware attack or network crash can cause minimal data loss if data is backed up, ensuring that data is backed up constantly to systems both on and off-site ensures that network downtime is kept to a minimal, which reduces the costs associated with network downtime.
Quality cyber security is more important now than ever before. As a small business, you are more of a target for cyber attacks than you may think, which is why your network security needs to continue evolving and staying current.
For more cyber security-related content, follow our blog!
Posted by Andre Schafer
Andre Schafer is a Technical Account Manager at Standard Office Systems. He has spent his entire career in the Office Technology and IT fields. For nearly 30 years, he has held various roles, including Technician, Trainer, Analyst, and Account Manager. Andre’s focus has always been to understand his customers' business needs to provide the appropriate technologies and services.