Effectively Mitigating Risk for the Modern Small-Mid Sized Business

November 2nd, 2020

Hey everyone - Adam here. October has typically been Cybersecurity Awareness Month. Usually that means tons of posts on social media asking you to use a password manager, complex passwords, touting the new antivirus product, or some other whiz-bang piece of tech to keep you safe on the internet. At the end of the day these tools seek to do one thing – help you mitigate risk. It’s this concept of risk that’s often the overlooked aspect when it comes to tech companies, cybersecurity awareness, and marketing. So, let us take a moment to dive into that concept and what it may mean for you.

Before we dive in, I want to talk a little more about risk. For those out there that don’t know, I’m a huge space geek. If NASA is doing an open house – chances are I’m there. If there’s a launch happening, chances are I have the stream up on a screen. And when possible, I try to make the annual pilgrimage to Kennedy Space Center. Fortunately, the last few years have put space back into the public eye, most notably thanks to Elon Musk and his fancy landing rockets. If you’ve tried to tune in to some of those launches, you might have been bummed to see that the launch was delayed – even if it was a perfectly sunny day. The reason for that all comes down to risk. Perhaps it was so windy thousands of feet off the ground that it could have destroyed the booster, perhaps a sensor was suggesting hardware wasn’t performing properly, perhaps there was a risk of lightning, or perhaps there was direct risk to humans if a wayward boat got too close. These rules and conditions might seem crazy some days, but they exist to mitigate risk.

So how does one effectively mitigate risk in the modern SMB space? Unfortunately, just as it is with aerospace, there is no simple solution to managing risk. There are some things that you can do to get started.  

  1. Maintain your technology ecosystem. This means modern versions of Windows and up-to-date software. We have seen over the years various threats introduced to businesses that leveraged technology that had been out of support for YEARS to get a foothold on a network. In some instances that could have been avoided by keeping the company’s tech current.
  1. Patch your systems. New exploits surface constantly. These are often addressed by the creators of the software in the form of updates, yet many times when I’ve gone on audits, prospective systems have not been patched in weeks or even months. Barring a critical incompatibility with a core business app, there’s little reason not to be doing this.
  1. Protect digital identities. What’s that mean? In a nutshell it boils down to keeping your accounts secure. Are you using complex passwords? Is multifactor authentication enabled? Are you monitoring for suspicious account behavior? Microsoft bakes plenty of these features into its Microsoft 365 licensing. Are you taking advantage of them?
  1. Utilize modern security infrastructure. Modern firewalls offer a ton of tech features to filter & block malicious network requests. Some of those, such as the Sophos XG line, can integrate with their antivirus products to offer some powerful security features – such as the ability to isolate infected endpoints on the network. I have seen this in action firsthand and it is a lifesaver.
  1. Retain and leverage your trusted advisors. Let’s be real here – everyone has their own unique set of strengths and skills. Your trusted advisors in the tech space have the set of skills to help you mitigate these risks in your business. Additionally, those advisors who are kept in the loop as your business grows can help you proactively address those risks that are unique to your organization. For instance – are you bound by any compliance frameworks? Your trusted advisor should not only understand the requirements of those, but should also be helping you find solutions that enforce them. Furthermore, if they are engaged, they can help you and your staff get the most from your investment in technology.

Let’s wrap this up. Risk management is not necessarily rocket science. However, there is still a lot to consider when it comes down to managing your organization’s risk. I mentioned a handful of key things you can look at yourself – but I want to stress this point. Engage the experts and make them your trusted advisors. We live in this world and we are here to help.  

Let me know your thoughts in the comments here, and if you’re interested in exploring some options for some support, please shoot me a message and I’ll direct you to some great folks.

-Adam Evans, Technology Alignment Manager