As the number of small businesses getting breached continues to go up, Lause advises MSPs and managed security service providers (MSSPs) to offer BYOD policies and urge their clients to put one in place immediately. “It’s no longer an option as to whether or not you should put a BYOD plan in place,” Lause says. “Hackers love to target small businesses because too often, small businesses don’t invest in current technology, don’t enforce making sure machines are patched and up-to-date, and don’t have policies in place. The stiff fines, data privacy rules (which can require additional costs, such as providing credit-monitoring services to all your customers if you get breached), and the recovery costs can put people out of business. But this can all be mitigated in a cost-effective solution if companies work with a knowledgeable MSSP. And when you compare the cost of recovering from a security breach to the cost of maintaining a high-level secure environment, there is no comparison. The cost is minimal for investing in current technology versus lost business reputation, fines and recovery, which most small businesses find difficult to do and is why 60% of them are out of business within six months or less after a breach.” In the end, it’s important to remind your clients that your BYOD plan is not a “set it and forget it” policy. Review it with them regularly and stay current with the new dangers popping up every single day. “If you’re not talking to your clients about security and their BYOD policy on a quarterly basis to review their exposures and new threats, your clients are likely behind the times and vulnerable to much larger risks,” Lause says. “The most successful BYOD policies are adaptable and fluctuate with our times and technological capabilities. Remind your clients that it is never a bad idea to consult you, and that regardless, they should always exercise due diligence and use common sense. If you’ve taken reasonable care to ensure that your client’s technology and BYOD policy is current, the chances of their getting hacked are greatly minimized.” For more information on Argentum IT, visit ArgentumIT.com. n
Dean Lause, CTO/COO Of Argentum IT
THE 4 ESSENTIAL ELEMENTS OF A BYOD PLAN Once clients go through the discovery process, it’s time to map out a detailed plan, which includes consideration of four essential elements: security, privacy, updates, and education. “The mobile device policy is a place to outline the safeguards a company has in place and what they reserve the right to do with them to protect the good of the company,” Lause says. “This includes things such as protecting mobile devices with passwords, requiring applications to be approved before being installed, and policies for lost devices or how you’ll remove data when an employee exits, among others.” When instituting these guidelines, there are some areas that you’ll walk a fine line when addressing, such as privacy and updates. “If you choose not to include things like mandating system updates in the BYOD policy, you at least want to make a provision that the employee will be liable if data is stolen as a result of their device not being kept current,” Lause advises. He also stresses that everyone be educated on the policies and restrictions in the BYOD policy. “If employees don’t understand, don’t have the ability to ask questions, or don’t know which questions to ask, the policies put in place are going to fail,” Lause says. Lause has a comprehensive cybersecurity process for his clients that includes weekly microtraining and a dashboard that consistently updates their security score, which is much like your credit score, but for the entire organization. Companies that are compliant are not only more protected from hackers, but they are also likely to get a break on their cybersecurity insurance rates. “If companies can prove they’re doing the training and keeping their BYOD policy up to standards, then they get significantly reduced rates on their premiums,” Lause says.
MSPSuccessMagazine.com/cyber2022
25
Made with FlippingBook Ebook Creator