Top SMB Security Concerns and How MSPs Can Help
So far, 2017 has been a year of large-scale, global ransomware attacks and, in many cases, small to medium-sized businesses (SMBs) have borne the brunt of the damage. According to a recent ransomware study by the Ponemon Institute, the average ransom SMBs paid for their files is $2,500. Add to that the 42 hours respondents reported spending, on average, to deal with the security incident (Ponemon, 2017). Now think about the damage to a company’s reputation, and the fines they’d have to pay if customer data were leaked as a result of the attack (approximately $141 per record, according to Ponemon’s global analysis on the cost of a data breach.) When you consider all the associated costs, from ransoms to fines to man hours, you can see how a single attack could put an SMB on the brink of bankruptcy.
The increasing and evolving nature of these devastating attacks is forcing IT decision-makers (ITDMs) to re-evaluate their security strategies. How well equipped are they to protect their data? How are they adapting their approaches to keep pace with a barrage of new cyber threats?
To find out, Webroot commissioned a study of more than 600 IT decision-makers (ITDMS) at medium-sized companies in the U.S., U.K., and Australia for their take on their own security preparedness and concerns.
Key Findings from the Study
- 96% of those surveyed believe they are susceptible to cyber threats.
- 71% don’t feel ready to address an attack.
- 94% are updating their security budgets to account for mitigating new threats.
- 90% of ITDMs believe outsourcing IT solutions would protect their organizations against threats and increase their bandwidth to address other areas of their business.
As you can see from the latter two statistics, the current cybersecurity landscape and lack of SMB preparedness represent a big opportunity for managed security providers (MSPs). Among businesses that do not currently outsource IT security support, 80 percent will likely use a third-party cybersecurity provider in 2017.
What You Can Do to Keep Clients Safe
- Practice good hygiene: Nearly 80% of the cybersecurity risks your clients face can be drastically reduced by basic and continuous maintenance. Make sure clients have antivirus/antimalware protection on all endpoints, and that it stays up to date. Always patch applications and operating systems in a timely manner, especially critical security updates. Help clients implement strong backup policies, and test backups at least once a quarter. Don’t forget to include a strong firewall, and consider segmenting clients’ networks to protect critical operations.
- Teach them to fish (or, rather, teach them not to get phished): Phishing is behind 90% of security incidents (Verizon, 2017.) And over 97% of phishing emails deliver ransomware (PhishMe, 2016). If your clients are going to stay safe, they need to know how to spot suspicious emails, links, websites, etc. With the advent of online, self-paced courses for security education, you can provide training easily, efficiently and cost-effectively. (If you haven’t heard about Webroot Security Awareness Training, currently in BETA, learn more here.)
- Cover your clients’ assets: When threats continue to evolve at such an alarming pace, there’s no such thing as 100% protection. Despite your best efforts and precautions, there’s still a chance, even a slim one, that your clients could get infected. Talk to them about a cyber insurance policy. Having insurance goes a long way toward helping your clients recover quickly and cleanly in the event of a breach.
As a managed service provider, you have the power to not only secure businesses, but also to empower them to become more security savvy, and to streamline their operations by freeing them up to focus on non-IT related tasks. It’s up to you to educate clients and prepare them for the next generation of attacks.
For more insight into SMB cybersecurity concerns and areas MSPs like you can turn into opportunity, read the full Webroot-commissioned study.
Guest blogs such as this one are published monthly and are part of The VAR Guy’s annual platinum sponsorship.