Best practices for small businesses: How to convince your boss to invest in cybersecurity

The numbers speak for themselves: According to Foundry’s 2021 Security Priorities Survey, nine out of ten security leaders believe their organizations are underperforming when it comes to managing cyber risk.

Investing in hardware and software to better protect sensitive data from cyberattacks is a proven practice, but it doesn’t come cheap.

But cyber vice president Candid Wüest says many small and medium-sized business (SME) leaders mistakenly believe that their organizations aren’t targets and that it’s a waste to spend more money on cybersecurity. computer security if they are not violated. Conservation research on Acronis.

However, according to a new report from Acronis, many organizations spend less than 10% of their IT budget on security.

But the problem is not just in security spending, adds Wüest; Small budgets usually make it difficult to meet all of the company’s needs.

He also says many SMBs use third-party security services, making it “hard to see the amount of work going into privacy and security, and with it the benefits to the CEO or president.”

Security risks are increasing for SMBs

The truth is that cyberattacks are becoming increasingly sophisticated as attackers now use automation and machine learning, making it harder to block threats with traditional security solutions.

“This is especially true when businesses embrace digital transformation and use new online services that need to be protected,” says Wüest. “Without adjusting and updating the cyber protection stack, these vulnerabilities will only increase over time, making it easier for attackers to find and circumvent them.”

Meanwhile, employees continue to pose a threat. Acronis research found that 56% of employees lost data at least once in 2021 due to accidental deletion, application/system crash, malware attack, a lost/stolen device, etc. Additionally, 26% have lost data multiple times.

Cyberattacks can be devastating for businesses of all sizes and can result in hefty fines, lost revenue due to downtime, and serious reputational damage. In fact, according to the Acronis report, 76% of organizations experienced downtime due to data loss in the past year, a 25% year-over-year increase.

Investment advice for cybersecurity

So how do you convince business leaders to increase your security budget?

One way to demonstrate the need for security software is to run a hacking exercise or external penetration test to identify potential flaws in your protection suite. A list of these vulnerabilities should be accompanied by a plan to fix them, says Wüest.

For example, metrics on the number of blocked events in the IT environment can help illustrate risk. Combine that with recently published examples of what can happen if a business isn’t prepared, and an explanation of how vendors or managed security service providers (MSSPs) can fill in the blanks.

Other security measures include strong authentication, setting appropriate access and control rights, timely patch management, and using segmented networks. Also, make sure you have backups and a disaster recovery plan to minimize downtime in the event of an event.

“A good email security solution should follow these steps,” says Wüest. “Most attacks start with a malicious email or a phishing scam. If these threats can be filtered out before they reach the user’s inbox, the risk can be minimized.

Because there are many moving parts to analyze, it’s also important to consolidate vendors and look for automated and integrated solutions, he advises. “It can help you reduce overall costs and allocate budget.”

From apps to infrastructure, click here Learn how Acronis can help your business eliminate security vulnerabilities and protect your business.

Copyright © 2022 IDG Communications, Inc.

Leave a Comment