How to Implement Cybersecurity to Fit a Company’s Needs

Matthew Courchesne

Everyone knows the feeling when you put on the wrong-sized clothes. The style, color and fabric are fine, but when it comes to the fit, something isn’t right. This scenario can also happen in business in respect to the way organizations approach a key business strategy: cybersecurity.

For small and medium-sized organizations that have similar core cybersecurity functions, it can be easy to get confused about what level of protection is needed for your business. The only way to understand a company’s cybersecurity needs is to evaluate how the business works and the maturity of its IT.

In small to medium-sized companies, IT is often outsourced to an external administrator who remotely provides IT and cybersecurity system maintenance. Along with the installation of office applications and the purchase of corporate PCs, the administrator manages protection by installing a security solution to new devices, checking for program updates and ensures that protection is always active. The company likely does not need in-depth incident analysis or fine-tuning of user access for different services. Its infrastructure may include one server rack or even no on-premises servers at all and can likely store company information in the cloud.

While 100% protection against cyber-incidents cannot be guaranteed by any information security company, the use of specialist protective tools can minimize the damage and consequences of an incident. Any downtime caused by an incident or data breach can cost a company money, customer loyalty and reputation. Medium-sized companies are at risk of losing up to $120,000 as a result of a data breach, a big portion of which will go toward resolving reputational damage as well as paying compensation and fines.

We can safely assume SMBs are unlikely to be overpaying for more expensive security services, but a large company seeking to save money by using a product that doesn’t meet its needs will quickly realize the error of its ways. To make the right service choice for their customers, providers need to look at the maturity of clients’ cybersecurity functions, which commonly correlates with the size and maturity of the entire business.

Adam Lloyd, president and CEO of North American MSP Pioneer Technology, which specializes in managing IT services, said his company generally focuses on providing end-to-end IT support and services for most of its customer base, especially in health care, financial, manufacturing and for other multilocation customers it works with.

“Smaller to medium-sized businesses are aware of the importance of IT security, but they don’t always have the same resources or technical ability to deal with them as larger enterprises do,” Lloyd said. “As a result, they expect their MSP to act as a true security partner to point them in the right direction and ensure the technology they have in place will protect them and their data.”

Lloyd said Pioneer evaluates security needs as part of every engagement it enters because many of its customers are in regulated industries with high-stakes impact if something goes awry. “It’s part of Pioneer’s effort to insulate customers,” Lloyd said.

‘Roll Your Own’ Approaches

It’s also equally important that service providers identify their own goals and resources, such as infrastructure, human resources and technical skills. For example, if providers work only with cloud services (‘born in the cloud’ MSPs) or look to speed deployment to new customers and easily manage all clients through a single console, they will work best with cybersecurity delivered as-a-service that can be overseen through a cloud hosted console.

Alternatively, providers who have developed their own infrastructure can choose …