Big companies have full-time IT staffs, but what about smaller businesses and what should they look for in vetting third-party cybersecurity firms?
Editor’s Note: This is the third of three installments in a series on cybersecurity. Find the first installment here and second here.
In the last couple of issues we’ve discussed the risks to your business from a cyberattack. In the second, we looked at all of the various attacks that are out there right now. Now we’ll discuss what can be done about the risks you face.
What you do will depend on where you are in the aftermarket chain. The big companies have full-time IT people on staff. As a result, these experts work with others to design an appropriate approach. They deal with things such as the International Standards Organization (ISO), or work with firms that help them become CMMC (Cybersecurity Maturity Model Certification) compliant if dealing with government entities. And there are a number of others.
So what might a small business do? I sat down with Vito DeFrancisco of Centurion Data Systems (CDC). I, and many others, have all had CDC as our IT managers and security managers since 1990. Vito shared that there are affordable and adaptable security systems that may help. According to Vito, “There was a day you could get an anti-virus program for a few bucks on the internet. The issue with these is that the cyberattacks are coming from so many directions now that it takes a coordinated systemic IT approach to ensure there is adequate security.”
The bottom line here is that we all need help. There are many companies that offer system services. The following is a list of questions to ask when you are deciding whom to hire:
- Do you work with any other Point of Sale systems? Who?
- Do you assist with gap and remediation testing and work? How much?
- Do you work with credit systems requiring PCI DSS (Payment Card Data Security Standards) compliance? Who?
- Where will our information be held? On a cloud system? Which one? (Data is better served within your system. If in the cloud, an internet outage means you have nothing.)
- Are any of your services outsourced to a third party? Who and what?
- What happens if there is a cyberattack? Have you worked in that situation?
- How often are your systems updated?
- Who provides training for me and my crew? How often?
- What accounting and business systems do you work with? Are you accredited in any?
- Will you provide a risk assessment and plan up front? What, if anything, does that cost?
- Are we able to get a 5-year plan up front? Will that plan include a hardware plan?
- Are we able to access 24/365 service?
- Are you able/willing to handle any home system that has a connection to the business system?
- Do you have bonding and/or insurance in the event there is a problem?
- How do you vet any third parties to be involved?
As with any service business, the best way to find good recommendations is by word of mouth. Ask others who they use. Ask others if they have had a cyberattack and what type it was. Ask how their service, if any, responded. And ask how quickly they received a call back. You will receive no warning of a cyberattack, nor will it be on a comfortable timeline; it will just suddenly happen.
With your system security nailed down, the final issue to be addressed is cyber insurance. Yes, you read that correctly. Cyberattacks don’t wait until you are flush with cash and ready to respond to the lawsuits, fines and loss of customer business. They also don’t care what is going on at any given time. A data breach may well be the end of your business.
So, contact your business insurance agent/broker and inquire. From a wide variety of sources, it looks like the premiums are pretty affordable. You will want to ask what, if any, cyber losses are covered in your existing business plan. Cyber policies generally cover things like liability lawsuits, business interruption, and other recovery costs not in your existing business package. A few sources have indicated that one example would be a $1 million policy with a $10,000 deductible. As always with insurance, if you absorb the little ones and they cover the “big one,” it costs less.
Remember, the costs of security breaches in cash and trust can really be huge. And the number of ways your system may be breached is growing. But there is something you can do about it. Don’t be the next cyberattack victim on your block!
At a young age, industry veteran Tom Langer started detailing cars for his family’s dealerships, which then led to work in the jobber and warehouse business, along with a machine shop and auto body shop. He held a variety of positions with an auto parts manufacturer for 10 years, and remained in the industry working with shops, warehouses and manufacturers in research and more.