Return to overview
3 min read

What you want to know from your IT supplier in the field of security

3 min Read
May 3, 2021
By: Rik Dolfing
image
By: Rik Dolfing
7 March 2024

Within SMEs there is still the impression that they are not of interest to cyber criminals. Nothing is less true. The number of ransomware attacks rose by 715% last year. In 71% of the cases, an SME was the victim. “Cybercrime has become a multi-billion dollar industry that requires high-quality measures,” says Job Kuijpers, founder and CEO of Eye Security. “Traditional measures such as firewalls and virus scanners are no longer sufficient.”

As an SME, you don't want to worry about the digital security of your organisation. “Many companies do not employ an IT specialist, let alone large budgets to spend on IT and security,” explains Kuijpers. “Yet as an SME you can affordably have the level of security that the large corporates also have.” The secret to this is that you have to turn to a specialist for your security. “Many IT suppliers offer their customers security, but cybercrime has grown into a multi-billion dollar business and defending yourself against digital attacks requires more and more expertise.”

Bringing in a specialist

And many regular IT partners lack that expertise; after all, you can't know everything about everything. “With a certain turnover, it is quite normal to arrange for a company lawyer or an accountant. Then it should also be very common to involve a security specialist in your organisation when, for example, you depend on continuity, work with sensitive data or have a lot of customer data.” Kuijpers sees that many entrepreneurs rely on their IT supplier when it comes to security. Yet the traditional measures that IT suppliers often offer, such as firewalls and virus scanners, are no longer sufficient against the sophisticated attacks that cyber criminals carry out today. “See your IT supplier as a contractor who builds your house,” says Kuijpers. “You might have good locks but if you want to have security cameras and an alarm system, you get that installed by a specialist. That's how it works with IT security too.”

Security is not expensive

The risk of fire in your business premises is one in eight thousand; the chance that you will be a victim of a cyber attack is one in eight. “A big misunderstanding in SMEs is that entrepreneurs think they are not interesting for cyber criminals. But many attacks are automated and not targeted at all. These crooks cast their net very wide and your company could happen to be in that automated attack," says Kuijpers. Organizations consider it normal to take measures to reduce the risk of fire, but this is not done enough in the digital field. “Entrepreneurs don't know where to start or think it's very expensive, but today security suppliers can offer high-quality protection for your company at a very reasonable rate, without lengthy implementation processes.”

Deviant behaviour on your network

To properly protect your organisation, it is necessary to monitor the traffic on your workplaces and cloud environment for suspicious behavior. “With firewalls, network detection and virus scanners, you actually build a thick wall around your organisation, but – certainly in the past year – people are working more and more from home or remotely, so that thick wall makes little sense,” says Kuijpers. “Monitoring can be compared to a security camera. Cyber ​​attacks are becoming more sophisticated and if a cyber criminal has already stolen his login codes from an employee, he can enter your network undetected. The only way to detect that is when you see something or someone on a 'camera' that doesn't belong there. That is how it works with monitoring.” By analysing a multitude of data sources, a security specialist can look for suspicious patterns and abnormal behaviour on your network. In this way, your digital systems can be protected against external threats.

What can your IT supplier do?

Of course Kuijpers also understands that it is nice for many SME entrepreneurs to work with one IT supplier and to have one point of contact. “In that case, it is important as an entrepreneur to make good agreements about what your IT supplier offers in the field of security, where the responsibilities lie and how action is taken in the event of an incident,” advises Kuijpers. “Enter the conversation with your supplier.” SLAs are often agreed in the field of continuity of the IT systems, but an SLA in the field of security is also part of this, says the founder of Eye Security. “Ask your IT supplier how he has set up the security of your systems and how actively the traffic on your workplaces and cloud environment is monitored. Note that they do not only offer network monitoring, in terms of technology, that is no longer sufficient to keep ransomware out. And, suppose an employee does click on a link, does your IT supplier intervene immediately or do you only receive a notification that something has happened days later? Also ask about the measures that are taken when a cyber attack or incident takes place.”

Liability

Finally, Kuijpers advises entrepreneurs to properly record their responsibilities and liability in the field of security. “There have been several lawsuits between customers and suppliers in this area. The results of those lawsuits show that this is an incredibly unclear area. Make sure you make agreements and record them.” Especially when continuity is vital for your organisation, you work with sensitive data or have a lot of customer data, extra steps are needed in the field of information security. “Get specialist help on time.”

More information?

Ready to take the first step towards a well-secured company? Let us know. Request a free consultation or read more about our services.

Let's talk

Curious to know how we can help?

Get in touch
Share this article.

Related articles.