There is no one simple solution that will eliminate all business security risks. However, organizations can thoughtfully build a robust internal culture of security that can profoundly decrease those risks. This holistic approach starts from the top down.

Leadership must take a holistic, integrated approach to security because the risks are extremely high. The average cost of an attack is nearly $3 million. That number includes ransomed accounts, system outages, and downtime. According to a 2018 report, 40% of small-to-medium businesses experienced eight or more hours of downtime due to a breach.

These are just a few of the efforts that businesses with a robust culture of security take:

• Regular security awareness training for employees. Your employees are vital to your success but are also your organization’s weakest security link. A properly trained employee, for example, would know how to spot phishing attempts. Unfortunately, of the millions of spam emails sent daily that filters don’t block, the vast majority are unknowingly opened.
• Thorough assessments. You can’t protect what you can’t find. Businesses that haven’t had standard policies in place guarding how, where, and when customer data is used and shared likely have exposed that data to risks. For example, maybe you make sure sensitive customer data isn’t stored in employee email inboxes – which is very risky. But have you also made sure the info isn’t being stored in the email sent folder? Do you know if your company copier stores copies of the data sent and received? A thorough security assessment will tell you the many places your data is hiding. 

• Configurations. When you purchase equipment, software, or subscriptions, be sure to configure or turn on any of the services that can protect them. If you don’t, it’s essentially the same as having a high-tech home security system installed and never turning it on. You can sleep at night, but are you really secure?
• Real-time monitoring. When a business purchases a managed security software, such as a SIEM, it’s vital that the product be properly configured and monitored on a 24/7 basis. If nobody is addressing a threat in real time, the system is a waste of money and provides a false sense of security.
• Preventative maintenance. For all operating systems, patches and updates are essential to keeping your system up-to-date, stable, and safe from malware and other threats. Here’s what patches can do:
  • Address a specific bug or flaw
  • Improve an OS or application’s general stability
  • Fix a security vulnerability
• Outsourced management, infrastructure and IT services – The 1 reason companies hire managed service providers (MSPs) is for their security expertise. An MSP such as C Spire Business has a large team of highly certified IT network experts and security specialists whose sole responsibility is to partner with your IT team or leadership team to ensure your success with operational quality, cost-effectiveness, security, and more. Managed security is like putting a chain-link, 12-foot fence around the entire perimeter, along with armed guards and dogs that patrol 24 hours a day, seven days a week. They are constantly watching in an active state, in real time. If someone attacks the property, the MSP immediately addresses that threat.

C Spire Business' Rusty Goodsell has more than 15 years of experience building IT strategies for businesses of all sizes in a variety of industries.