It’s a reality no business owner really wants to confront – the fact that the company they built with their blood, sweat, and tears is just as vulnerable to disaster and cybercrime as any other. More-so, in the case of small and mid-sized businesses. While natural disasters, hardware failure, and incidents such as fires are fairly static and unchanging, cyber-crime is quite the opposite.
As we bring more and more of our lives and businesses into the digital realm, the payoffs for a canny cybercriminal increase exponentially. And the greater the payoff, the likelier a hacker will be to put work into a complex cyberattack. Not to say that’s the vector most of them use, of course.
After all, 90% of cyberattacks succeed not through sophistication, but social engineering.
Still, with big name ransomware infections such as WannaCry and NotPetya making the rounds on the news – and with regulations like GDPR just over the horizon – it’s not surprising that disaster recovery and security recovery are at the front of everyone’s minds. And it’s equally unsurprising that many businesses are, upon evaluating their security, disaster readiness, and internal resources, opting to bring in an external expert.
“In the cases of IT security and disaster recovery, the motivation to outsource is typically not about saving money, and more about the skills of the internal staff,” writes Sarah Kimmel of Channel e2e. “Security risks are changing and growing at an alarming rate, and being up to date with the latest know-how can be a full-time job on its own. Outsourcing these tasks makes sense for a company that is having a hard time keeping up with these trends, as can be the case with many smaller firms where technicians are expected to perform multiple functions.”
In other words, if your company lacks the expertise, outsourcing to a third party is probably more economical than trying to hire or train someone. Not only that, if you’re outsourcing stuff like data backups and failover, you drastically reduce the likelihood that ransomware will knock out your backups. You also up the chance that you’ll be able to maintain business continuity even in the face of a ransomware attack.
Finally, as new technology like artificial intelligence and predictive analytics start to take off, managed service providers offer businesses the ability to tap into advanced platform for such innovations. These are capabilities that many organizations – especially small businesses – lack. And as cyberattacks grow more rampant, advanced, and targeted, they’re capabilities that every business will inevitably need.
That said, outsourced services aren’t necessarily the golden goose some are making it out to be. In the long-term, relying too much on outsourced security technicians could mean that, as your business grows from small to large, you’ll start finding it difficult to keep up with the costs. Additionally, outsourcing stuff like client technical support is always a risky proposition – it’s great if you can find a provider that knows your products well enough, but there’s always the chance you might be left with some very angry clients.
That isn’t to say you should abandon the idea of outsourcing altogether. Far from it. Rather, you should outsource selectively. Look at it as a way to augment the skills your IT department already has – not as a means of replacing your IT department altogether. As your business grows and you gain the capital to support more in-house professionals, you might even find that more economical than relying on a third party.
At the end of the day, though, it’s your call how you want to do things. Just remember that outsourcing, while valuable, isn’t always the perfect solution to your problems. Every business is a little different – and you need to account for that.
Tim Mullahy, General Manager at Liberty Center One