It is an unavoidable fact that all businesses in this day and age rely on data and the ability to use and access it securely. It would not be inaccurate to suggest that many businesses would cease to function if their IT networks were compromised or disabled and that most would not recover if this went on for a prolonged period of time.
With this much at stake, it is surprising that many businesses still rely on many of the cybersecurity procedures and measures they had in place a decade ago. In that time, both the technology involved and cyberthreats have increased in sophistication, as has the way that many employees work.
Change in business environments
Even before the current coronavirus pandemic, the number of people working remotely, both as full-time employees and as freelance contractors, has increased dramatically. As the human element is often the weakest link in the cybersecurity chain (more on that in a moment), this increases the likelihood of a security breach many times over.
The recent trend to moving to remote cloud-based security and introduction of SASE (Secure Access Service Edge) systems, which combine WAN, firewalls, secure gateways, and zero-trust network access to safeguard against these threats, is regarded as a positive move.
Threats increased by remote working
It could be a mistake to assume that such a system would be ‘overkill’. As already mentioned, the human part of the process is the most flawed, with a large number of attacks being unwittingly aided by a company employee. This situation has not been helped by the relocation of most of the workforce over the last 12 months.
Many office-based employees have gone from working in a secure, controlled environment to working from home, where they might not have a dedicated space to work from and could have a host of distractions that they would not normally have in their 9-5 role.
Threats have become more sophisticated
This can lead to behavior that can leave them more susceptible to threats, as well as the fact that their computer might be accessed by a younger member of their family who would not exercise the same level of vigilance when clicking an enticing-looking link in an email.
However, these threats have moved beyond the clumsy efforts sent out in tens of thousands in the hope of catching somebody who might accidentally or absent-mindedly fall victim. While simple phishing emails (which are made to look like they came from a reputable source, but in reality are attempts to capture a login or card details) still exist, cybercriminals have upped their game.
More targeted, more bespoke phishing attempts (known a spear phishing) containing more detail that is particular to the recipient are becoming more frequent. These are sent only to much smaller groups or people in the same company to make them look more genuine and are much harder to check, especially if the intended victim has distractions.
Outsourcing IT Support
The volume and sophistication of these threats often mean that they cannot be dealt with ‘in-house’ as they may have been in many small businesses previously. Outsourcing IT support, which will often entail upgrading to a cloud-based system as part of increasing network security, has a number of benefits.
Initially, the move to a cloud-based system negates the need to upgrade any physical servers a business has on its premises. This is an immediate cost saving that will help offset any outsourcing costs. This will be an ongoing saving as a switch to a cloud-based service will expand as a business grows.
An additional benefit of outsourcing a service to a specialist company is a task that may have been performed by an inadequately trained and poorly resourced member of staff is now being completed by a team of experts with specialist equipment and resources. Not only will this increase the effectiveness of the process, but it will also have the benefit of freeing up a member of staff to concentrate on the core business interests.
Outsourcing IT support and cybersecurity would seem to be a ‘must have’ for any business looking to expand in the near future or one that has not updated its IT services for many years. There are, of course, cost implications with doing this, but with the cost of a data breach running into tens of thousands of dollars (without considering the damage to a company’s reputation), it would be considered by many as an entirely acceptable business expense.