By Jim Lapointe
It is well known that the cyber world is a dangerous place and becoming more dangerous every day. Threats to businesses like ransomware are causing real concern and notable monetary damage to many small to mid-size businesses.
If the ever-increasing threats are not enough of a reason to take a deeper look at your business’s data security (and those reasons should be enough) there is another reason: regulation. Governments are taking a more active role in security and enforcing regulations for minimum security standards as well as fining businesses that do not meet those standards.
In fact, at the National Governor’s Association recent meeting, a majority of State Governors agreed to increasing cyber security standards. The problem for many small to mid-sized businesses (SMBs) is keeping up with those regulations and finding solutions that are price-competitive.
As an example, each state has their own statutes for protecting personal identifiable information (PII). Some are vague and advise businesses to take “reasonable” precautions. New York has a more defined policy that outlines specific steps businesses need to take to protect PII.
If your business does not meet these standards and is the unfortunate victim of a breach, expect a fine to go along with your other headaches.
Other more recognizable regulations include those regulations for health care businesses with the enactment of HIPAA (Health Insurance Portability and Accountability Act) and with PCI DSS (Payment Card Industry Data Security Standards) for any business processing credit cards.
Regulations continue to filter down to more and more small businesses. Any business doing contract work with the federal government must comply with a National Institute of Standards and Technology (NIST) regulation beginning later this year.
Why is now the right time to rethink your security practices if you are in the SMB segment? Not knowing the compliance regulations your business should be maintaining is not an excuse for non-compliance. In addition, many MSPs (Managed Service Providers) are revising their security offerings to fit your market, new regulations – and budget.
Competition among MSPs has forced the leaders in this space to build out competitive security solutions for their market space. Many offer à la carte security services that allow you to pick and choose the solutions that make sense for your business and at the price point you are comfortable with.
There are services like penetration testing, scanning for PII, dark web (the part of the Internet that you don’t want to be in and not searchable by standard search engines) searches for your company data, enterprise mobility management, encryption services, awareness training and many more services available to your business. These services can dramatically improve your business data security and reduce your risk of liability in case of a breach by complying with regulations.
Times are changing. If you are running your business the same way you were three or four years ago, you are not staying the same; you are falling behind. This is particularly applicable to data security.
The threats have evolved in the last few years, regulations have evolved, so your defenses should be evolving as well. The evolution of the available security solutions for your business make this the right time for your business to review its security practices. Don’t be a victim, be prepared!
Lapointe is president of Colden Co. Inc. in Ballston Spa.