According to almost every digital security expert in the industry, digital security threats are moving downstream very quickly. This means that cyber-criminals are no longer spending their efforts only on big fish like Target or the Defense Department, but are also targeting less sophisticated and more vulnerable candidates in the small and midsize business market. In fact, according to 2013 research by Ponemon, over 1/3 of all cybercrime targeted organizations with fewer than 250 employees, and 60% of these companies went out of business within 6 months of an attack, according to Infographic.
In a recent blog post, we highlighted how a sophisticated spear-phishing attack at a local Portland non-profit cost the small organization over $15,000 in precious capital. Recently we saw a ransomware attack at a different prospective client, and Upward has seen a significant increase in the sophistication and intentions of malware, costing numerous clients significant time and money.
As a Small or Midsize Business owner or manager, you have to trust your chosen resource, whether in-house or outsourced, to stay in front of these malicious threats. Cybersecurity is a moving target that evolves every day, and it can destroy decades of effort in an afternoon.
What are the first three IT security questions you need to ask your IT provider about your business's security?
How are we preventing insider threats?
According to the PwC Network, here are the top 2014 offenders of insider crimes:
- 35% are current employees
- 30% were former employees
- 18% are current service providers, consultants, or contractors
- 15% were former service providers, consultants, or contractors
- 13% are suppliers and business partners
- 11% are customers
Insider crime, from disgruntled employees or consultants, is a threat. In the old days, this meant that someone printed out a customer list the night before they quit. Nowadays, the insider threat is that your entire database or accounting system could be hacked, disabled or destroyed. The employee could leave with a lot more than phone numbers and contract values. Some common-sense measures combat this: a firewall strategy (reiterated for other reasons below), auditing tools within your server to track logs, backup and data-recovery solutions, and an air-tight permissions strategy. These should be reviewed regularly.
What is our perimeter security strategy?
More specifically, do we have a firewall, and what is it doing for me? The firewall is like the moat to your castle: it blocks threats before they get inside. A sophisticated firewall will allow you to run advanced software that is constantly updated for zero-day threats to stop viruses, malware, or intrusion attempts. It is not a place to skimp on investment. But just having a firewall in place is not enough; you need an individual or team to monitor the threats and actively tune the firewall to optimize its effectiveness.
Do you and your IT provider have cyber insurance to cover the threat?
60% of Small and Midsize businesses fail within 2 years of a cyber breach, according to Infographic. So a critical piece of the equation is insurance to protect your business from liability. Every business should review its Professional Liability Insurance and be certain that it can cover its clients’ losses in the case of a breach. But it is equally important to ask your IT provider whether they have taken the step of creating their own policy to compensate for losses in the case of negligence or a breach of their systems.
To learn more, review another terrific IT security article here: https://goo.gl/SFAi0j
If you have any doubt about the effectiveness of your security plan or feel another set of eyes would benefit your business, reach out to Upward today. You can never be too secure!