To answer this question, we need to answer another critical question. What is at stake if you get hacked? Of all the things that can hurt a business’s chance of success, I think there are five main risks we need to address.
Reputation
You spent countless hours building a relationship of trust with your customers. That can all be destroyed in an instant when you let their information be hacked because you did not take the proper precautions to protect them. If you are a medical facility, HIPAA requires you to publish publicly that you were hacked so that customers can contact you to see what has been done. This leads to the countless hours of damage control that will go into being hacked. You will spend weeks fielding calls from concerned customers asking what information of theirs has been compromised, and rightfully so.
Legal action and fines
So, besides your reputation possibly being damaged for not being willing to protect your client or customer information, now you have an added risk of that customer bringing a lawsuit against you for negligence. If you are a medical facility, not only are you open to lawsuits, but now you most certainly will have HIPAA coming to audit all of your records, conduct an investigation, and possibly issue you a fifty thousand dollar fine for each violation they find. Not to mention, that even without being hacked, HIPAA can randomly audit your facility and fine you for violations at any time. So that is something you want to consider as well.
Loss of files
Hopefully, you have a good IT management company keeping an eye on your daily backups and making sure they are running properly. If not, chances are good that your backup has not been run properly in quite some time and you may have lost months or years of data. Ransomware, in particular, corrupts all your files hoping to force you to pay them to give you the decryption. If you do not have a good backup, this can cost you tens of thousands of dollars, which most small businesses cannot afford.
Even if you have a good backup, it can take days or weeks to fully restore your data to where it was before being hacked.
Loss of time
As a business owner, there is never enough time in the day to get everything done. If you think this is a major issue for you on a normal day, multiply that exponentially if your network gets hacked. You or your employees will spend countless hours having to contact each customer to notify them, recover your backup data, and having to restore it.
Cost
We began this discussion by asking if the cost of paying for proactive network management and security outweighed the risk of possibly being hacked. If you have been following up to this point, you have probably been adding up the hours spent on each of the tasks previously mentioned. As a cost result of being hacked, you will be paying costs for additional employee hours to contact customers to notify them of their data being compromised, loss of productivity being without your data and computers while they are being restored, and not to mention the cost you will have to pay now to an IT company that will have to do all the restoration, which is about a full work week. At this point, you will be looking back wishing that you paid the monthly fee to have a reliable managed IT service company to secure your network and help reduce your risk of ever being hacked in the first place.
As a fellow business owner, I can understand the need for being frugal while you work hard to build a reputation and a client base. However, I would ask, do you cut costs at the risk of destroying everything you have built by a single ransomware attack that violates your client’s information? I would think of managed IT service protection as an insurance policy. With insurance, you wish you had it when you need it because now you are stuck with a large bill or a lawsuit. With managed IT security service, you have the insurance of knowing your network is constantly being protected from hackers and ransomware, plus you can often get service calls at no extra charge. If you are someone that doesn’t want to run the risk of operating without health or business insurance, then managed IT security service is even more valuable to a business owner.