Gone are the days when you could rely on your “IT guy” to know everything about IT support. Before the Internet as we know it today and cloud computing, IT support for small businesses was pretty simple. Companies’ IT systems included desktop PCs connected to a dedicated server. All your “IT guy” had to do was know how to connect the system, install your software programs, and do back-ups. They might have to perform software updates, or defragment your disk drive, but cybersecurity was not a concern.
Times have certainly changed. Now, your “IT guy” needs to be a risk management and cybersecurity expert. They must know about things like email protection, encryption, and archiving; vulnerability scanning; dark web detection; anti-virus and ransomware; dual-factor authentication… the list goes on. They also must be up-to-date on all the latest patches and be aware of the latest risks. So how do you differentiate between a legitimate IT support service provider and a garden-variety “IT guy”? After all, there is no standard or license required to be an IT professional or an IT service provider. Here are some tips to help you protect yourself from the scammers.
Avoid IT Support Providers Who Use Scare Tactics
Some outsourced IT support providers rely on a business owner’s naivety and lack of understanding about their vulnerability to cyberattacks. Such businesses are low-hanging fruit not only for cyber attackers, but also for the IT providers who prey on them. First, these providers feed the owner’s fear, uncertainty, and doubt (we call it the FUD approach) about actual concerns, and then use a “just leave it to us” approach. A qualified and knowledgeable IT provider won’t try to scare you. Instead, they will educate you on what needs to be done, so you fully understand what they are doing.
Don’t Take Unsolicited Advice
Cybersecurity companies that provide you with a free risk assessment that you never requested or authorized are a red flag. The assessment will report “findings” from an examination of your IT environment. Most likely, all they did was scan your public website looking for vulnerabilities. Then they recommend several IT security steps as part of a sales pitch. These companies are relying on the fact that you know little or nothing about your IT.
Cybersecurity Starts with You
The best cybersecurity starts with you, the business owner. You must determine the vision and risk tolerance you want in your business and create policies to meet them. Assessments by trusted third-party providers who have pure motivations and are objective will help you understand the real gaps in your cybersecurity. They will work with you to create an action plan to fix them, on your timetable.
Trust and Verify
As a business owner, you rely on the Internet and cloud computing to conduct daily transactions. Now more than ever, it’s important for you to become educated on IT risk management and learn how to hold your IT providers accountable. We need to trust and verify, not just trust.
A great place to start your self-education is this cybersecurity framework website. It will show you how to identify your critical systems, identify your risk and how to assess your IT. Ultimately, you will learn how to be in the driver’s seat with your IT provider to ensure you are getting the IT delivered at the level your business needs.
By Karl Bickmore, CEO