So, you’re a small business - but you’re growing fast and are a little concerned about some virus getting into your systems and mucking things up. You know you aren’t large enough (yet!) for some hacker to specifically target you but you are still concerned one of those pesky mass viruses from some website could somehow get in and infect your entire network. Perhaps from an employee’s PC (browsing that new website for local homemade cakes) or from the dozens of client emails you are now regularly receiving (some of whom couldn’t care less about their laptops being infected since they barely use them).
The thing to realize is that cyber security should be looked at like insurance and health. You pay for cyber security “just in case” some virus may come your way and you pay for it so your computers are “healthy” and therefore running at 100%. It’s a lot cheaper to pay for a 3-month cyber security package than to waste 2 whole business days fixing things because a common virus infected every single office PC and made simply opening a browser an annoying 7-minute affair.
Here are a few quick checks to consider:
Risk-to-cost: If you’re looking into cyber security (and have never needed or thought about it before) chances are something happened. Perhaps that homemade cake website brought a virus that meant you had to spend Monday and Tuesday reformatting all your PCs. You managed to save on calling in a professional (since we all know how much that can cost) but you still lost two days of business and are now working double time for the rest of the week to not let your clients down. Ask yourself how much money you ‘lost’ during those two days. A good amount to spend on cyber security may be roughly half that.
Threat-to-cost: This comes down to you and your business specifically. If the only thing your office computers are used for is internal accounting to keep track of furniture sold, perhaps simply disconnecting these computers from the internet may be a far cheaper way to protect your business than buying any cyber security at all. If the only thing you are worried about is a mass virus getting into your PCs, an off-the-shelf cheap anti-virus software may be more than enough. The point is that you do not need to buy top of the line stuff. That’s for businesses such as banks who have valuable information they can’t operate without (or lose) – and crafty hackers who KNOW this and target them regularly. No need to buy a safe if you keep no gold.
Time-to-use: Basically, this pertains to how long it takes an employee to use and understand the anti-virus software or cyber security protocols you’ve put in place. Does it take an employee on average only a few hours to understand how the system works? Do they understand how to update the software? Do they know when to “ignore” those potential threat messages that may simply be the system being overly reactive? If the software you have is not user friendly, you may want to re-think using it. No point buying something you can’t use.
Cost-to-switch: This is something to check once every quarter. If, for example, you find out there is a similar yet cheaper cyber security service your “tech savvy” competitor uses, you’re only throwing money away by using your current system. You are, after all, a business and even a 100 quid per month can begin to add up for a small business! (Tip: If it’s a new cyber security service, ask for a trial period which may get you a “free” month)