5 cybersecurity procurement tips for any business

By Sean Marcil, managing partner at CirrusTel

In 2020, we had to send our employees home and figure out how they would be able to continue to perform their jobs, virtually, overnight. There was no time to go through the normal procurement cycle, do a proof of concept or truly vet a solution before it had to be placed into production. Even though it has been two years of running applications, equipment or solutions, there is a good chance you have a security gap, or concern, otherwise known as a vulnerability. Vulnerabilities can be devasting to businesses. Ninety percent of businesses without a business continuity and disaster recover (BCDR) plan go out of business (1). Yes, your BCDR plan needs to be part of your cybersecurity plan.

Given the rate of change in technology, applications need constant attention and visibility; even in a zero trust environment. Here are five tips that can help you ensure your business is better protected against cybersecurity threats.

Tip #1: People first. Seventy percent of ransomware attacks start with phishing (2). No matter how great your managed service provider (MSP) is, or what technology you are using to protect against malicious attacks, it only takes one click or download to be compromised. Training your employees, once per year, and making them read a policy is not going to solve phishing. Employees can be tricked to click, especially when they are multitasking. All users in your environment need ongoing training, and coaching, coupled with phishing test emails. There are companies that can assist you in this area, such as KnowB4.

Tip #2: Utilize an MSP. Hiring, and maintaining, a skilled IT staff is challenging, at best, and it is becoming increasingly difficult to retain talented employees. The demand for skilled workers is extremely high and they are routinely contacted by recruiters for positions at better salaries and benefits. If your employee is overworked, overloaded and thus stressed out, the grass is going to look greener elsewhere. By complementing your team with an MSP, you can be more strategic and handle the projects that fit your team’s skillset and/or the “fun stuff.” Let the MSP deal with the tactical items. The MSP provides service for many customers, so they are aware of more threats, sooner, and are better equipped to handle them more efficiently.

Given the cost and risk of a ransomware attack, or data breach, the cost of retaining an MSP is worth it, as you will benefit from the economies of scale that the right MSP provides. According to the FBI, individuals lost $6.9 billion to cybercrime in 2021! (3)

Tip #3: Do Annual Cybersecurity Assessments. The purpose of annual assessments is to understand gaps, risk exposure level, perform a health check to identify any vulnerabilities and determine if previously identified risks have been corrected. Some risks are inherent and cannot be avoided.  Cyber Insurance is highly recommended and Insurance firms will be asking the questions that are a part of this assessment. Also, (i) we recommend that you do not use your MSP to perform the assessment so you have a check and balance in place. (ii) Free cybersecurity gap assessments exist and just because they are free does not mean they are cheap or useless.

Tip #4: Use Disaster Recovery as a Service (DRaaS). DRaaS is a cloud computing service model that allows an organization to back up its data and IT infrastructure in a third-party cloud computing environment and provide all the DR orchestration. This SaaS solution will allow you to regain access, and functionality, to IT infrastructure after an outage. You may feel more in control if you own the redundant equipment, applications and processes; but that does not mean your cybersecurity risk is lower. The right DRaaS solution, and there are many flavors, can empower your team to manage to a service level (SLA). Ensuring it is ready to use (if needed) and backup systems are functioning properly. Most importantly, the DRaaS design should be tailored to use at the rate your business needs. Not all businesses need the same DR plan. This may be an old analogy but some companies still use tape, how many times has the tape been put in, and backup started, only to find out  that it failed.

Sean Marcil

Tip #5: Utilize an Agnostic, Trusted Advisor. Making timely and accurate decisions are paramount to the success of a business. Look for a trusted advisor that has the platform, and experience, to bring value to your team. Trusted advisors should have access to experienced third-party engineers, competitive intelligence, and be able to analyze the landscape of providers and MSP’s to  provide you with a concise report and data so that any of your stakeholders will understand how you selected the end solution.

For more information, contact Sean Marcil: Phone (813) 775-2410 or via email [email protected]

References:

 

You May Also Like
Tampa Bay Innovation Center names startups for spring accelerator program

The Tampa Bay Innovation Center, a technology incubator, accelerator and coworking office, has announced the startups that will participate in its spring accelerator program. Throughout the program, founders of these

Read More
Tampa Bay Wave opens applications for 2024 HealthTech|X Accelerator

Tampa Bay Wave, supported by a grant from the U.S. Economic Development Administration, has opened the applications portal for its inaugural 2024 HealthTech|X Accelerator program. Set to officially launch in

Read More
USF announced plans to launch college focused on artificial intelligence, cybersecurity and computing

The University of South Florida plans to create a college focused on the rapidly evolving fields of artificial intelligence, cybersecurity and computing. USF is the first university in Florida, and

Read More
Local space safety tech company joins Tampa Bay Technology Incubator Program

GuardianSat, a Tampa-based space safety technology company, has been accepted into the Tampa Bay Technology Incubator, a part of USF Research and Innovation. The Tampa Bay Technology Incubator offers access

Read More
Other Posts
USF and Florida Institute of Oceanography acquires a ‘Taurus’ for the sea

Researchers at University of South Florida and Florida Institute of Oceanography have acquired an operated vehicle, appropriately named Taurus, for deep sea exploration. Taurus can dive up to 2.5 miles

Read More
Real Estate Quarterly: An update on commercial real estate and office market

By Joanne LeBlanc, vice president at Colliers Office space is not dead. At least not in Tampa. In this market, companies continue to lease office spaces even if they are

Read More
Anthony Martino inducted as president of Hillsborough County Bar Association

Anthony Martino, at Older Lundy Koch & Martino, in Tampa, was sworn in as the new president of the Hillsborough County Bar Association. Martino is a civil litigator, with nearly

Read More
Trenam Law opens Sarasota office

Trenam Law opened a new office, in Sarasota, at 1515 Ringling Boulevard. Joining Trenam and the new office as a shareholder is Sarasota-native, Erin Christy. Shareholder Reid Buchanan will also

Read More