A wise old stock trader named Bernie once told me, “if it fly’s or floats, rent it, don’t buy it”. I think Geeks are the same way. If you are a large company, then maybe you can afford to staff the army of Geeks needed to keep a business up and running these days, if not, then you have to choose which ones to hire or learn to wear a lot of hats.

The 12 Secrets of SMB Security

Secret #12: Get Technical Expertise and Outside Help When You Need It

Cost: Low to High depending on the services needed

Technology skill level: Medium to High

Participants: Company Management and Technical support

Good technical assistance is a valuable asset for any business in today’s day and age. You have a business to take care of and cannot possibly manage all the security and risk concerns on your own. Therefore, it is important to have someone who is qualified in this line of work. Even this measure is not totally foolproof as new viruses are discovered on a daily basis.

Unlike most software tools and hardware components, technology security cannot be learned by trial and error. Security is not something which will remain constant. There are new dangers to security at every corner and that is why security measures need to be reassessed frequently. This frequent reassessment will enable you to identify when changes within the organization and new threats require an adjustment to some or all of the protection mechanisms.

But though this is important to have technical assistance, it is equally important to safeguard yourself. Those taking care of your technological security will be aware of your weaknesses and may use them to your disadvantage. Make sure they are able to explain whatever they are doing and how it is going to help you prevent attacks, recognize intrusion and recover if need be.

Hardware and software components are designed for easy installation and use and with the purpose of enhancing security. A wide range of information sharing capabilities are available but should not be used without careful consideration. Additional time and effort is required to implement security, but without it your network can be compromised and your information taken or destroyed without your being aware of anything unusual.

In addition to the Internet attackers attempting to compromise all types of devices for unknown purposes and data snoopers looking for ways to steal personal and financial data, others such as your competitors, current and former employees, and family members may be seeking ways to learn more about your business, employees, and customers. Whether their reasons for snooping are that they are doing it for fun or whether the reason is that they are trying to get at you, the outcome to your organization will be a loss of your business reputation, potential harm to customers, potential fines and penalties, and loss of time while you explain why you let this happen.

The only way to stop such things is by following the best practices of cyber security. Start by asking the individuals handling your technology support how they are addressing the security practices in this booklet and if they need additional assistance.

If you are considering hiring outside assistance, evaluate the following:

1. Review past work experience

2. Review partial client list and ask for references from current customers

3. Ask how long the company has been in business

4. Ask who, specifically, will be assigned to do your work and their qualifications and relevant certifications

5. Ask how they provide support, what is done at your site, and what is done offsite

6. Ask how offsite access is controlled

Make sure you have made arrangements for all of the security practices described in this booklet. If internal staff is handling some of the technical work with the assistance of a consultant, make sure everyone knows what they are to do and how they will work together.

Make sure you have included minimum performance requirements, monitoring mechanisms, and a termination process before establishing any technical security support.

Additional Steps

Through organizations such as the Chamber of Commerce, National Association of Manufacturers, National Federation of Independent Businesses, the Internet Security Alliance, and other peer groups and conferences, ask others about their approach to security and what they feel has been successful.

Establish periodic reviews of your security service, whether it is being handled internally or externally (annually at a minimum and preferably once a quarter) to determine if existing support is sufficient and identify if any further improvements are needed.

This is an example of how we tend to undermine the need for cyber security and how it leads to undesirable consequences.

Venture Capital Research Firm and Law Firm Try to Get by Without Good Technical Assistance—Regret the Decision

A three-person venture capital research firm realized how dependent their business was on the Internet when their e-mail went out due to a virus just before two of the partners were due to take extended business trips. Although the firm received over 600 e-mails a week and used the web as its sole source of promotion, it felt it could not afford a full-time tech expert. The partners had to cancel the business trips fearing they would lose their customers if they could not keep in touch. It took three frantic days of calling around before they found an expert to talk them through their problems.

An Albany NY law firm with about 20 computers lost its network administrator and failed to replace him for six months. When the firm finally brought in consultants, they found a variety of vulnerabilities. In addition, updates had not been applied to the server, the anti-virus software had not been updated, and the license had expired. After the technical consultants turned in their analytical report, but before they had begun to repair the situation, the law firm was hit by a virus. Many of the PCs were affected and hundreds of files were compromised.

Thanks so much for taking the time to read Part 14 of 15 in the “The 12 Secrets of SMB Security” series. Please feel free to contact CopiaTECH with any questions about anything you read or your small or medium-sized business and cyber security.

Please continue on to the final installment, Part 15 in the series, “We will gladly refund your misery”.