The growing sophistication of today’s cyber-attacks leave small and medium-sized businesses particularly vulnerable. More than 70% of cyber-attacks target small businesses and, even more alarming, an estimated 60% of hacked SMBs go out of business after six months, according to Security Magazine. The main reason for business failure following a breach is the cost of recovery, which the publication puts at $36,000 on average.
Coming from two family businesses in the accounting and real estate industries, I can attest to the increased need for security and the complexities it can pose on small business owners. Small businesses are likely to have fewer resources and less security expertise, making them attractive targets for cyber-criminals. Moreover, the increase in mobile devices further complicates the job of securing their environments. Add in the following challenges and the need for security as a service becomes clear:
- Small businesses lack the tools and expertise to effectively get ahead of security threats and compliance risks.
- They are unable to identify, assess, and mitigate security risks.
- They can detect threats, but are unable to respond appropriately in a timely fashion.
- They are unfamiliar with security best practices and the overall threat landscape.
- They are confused with the numerous offerings available.
1. Techaisle 2015 SMB Mobility Adoption Trends Study; 2. Channel Pro Network; 3. Verizon 2016 Data Breach Report
For small businesses, keeping data, workloads, and users secure is more than a full-time job and our partners are helping SMBs avoid becoming a statistic. The phenomenal popularity of Office 365 among SMB customers gives them a foot in the door. Additionally, the Microsoft recently unveiled a new way for your SMB customers to simplify IT management and security, Microsoft 365 and Microsoft 365 Business. Both provide a complete, intelligent solution that includes Office 365, Windows 10, and Enterprise Mobility + Security (EMS), bringing together the productivity, security, and device solutions SMBs are looking for.
Here are three ways to think about packaging security offers in the SMB space.
1. Secure the front door
As a trusted security partner, you can protect your customer data and devices, and identify breaches before they can cause damage. We call this “securing the front door,” and it starts with identity-driven security. Just like you would at a home, the front door lets you establish identity and decide who to let in. When you apply that concept to your customers’ data and digital assets, you want to be able to answer YES to the following:
- Do you know who is accessing your data?
- Can you grant access to your data based on risk in real time?
- Can you quickly find and react to a breach?
To get to YES, you need a solution that adapts in a changing environment and differentiates between normal and questionable credential use. This is what you get by implementing risk-based policies driven by machine learning, allowing the system to monitor and identify high-risk events or activities. Between exciting security features like Multi-Factor Authentication (MFA), single sign-on access, Identity Protection, Cloud App Security, Windows Hello, Office 365 Advanced Threat Protection, and Advanced Security Management, Microsoft is the obvious choice for a secure and productive cloud.
It’s worth noting that when partners have found the full Office 365 E5 SKU or EMS add-on too expensive for some customers, they’ve still been able to create more cost-effective and differentiated offers. For instance, by attaching Advanced Threat Protection to an existing O365 plan, partners can deliver protection from malware and viruses, safety from malicious URLs, and rich reporting and tracing, all at a business-friendly price.
2. Secure content
Now that you’ve secured the front door, it’s time to turn your attention to securing the content inside of the house. In the context of your customer and their digital assets, you want to be able to answer YES to this question: “Can you protect your data in devices, in the cloud, and in transit?”
Securing content means taking steps to:
- Define policies, templates and rules for content
- Define exceptions
- Define content classification labels
- Detect the SaaS apps that are in use and assigning them a security risk rating
- Define data copy and usage rules for apps on devices
- Control sharing of data based on identity
- Detect data and users violating content policies
- Enable yourself to take action to maintain content security
To a small business, their data is their livelihood. As such the security of their content critical to their success and yours.
3. Secure devices
Devices represent other doors into your data and digital assets, and need to be secured accordingly. Like the “front door” example above, the process for securing devices also includes intelligent access management. You can use Conditional Access to restrict access based on the device platform (including iOS and Android) and whether it’s enrolled in the mobile device management solution provided by Microsoft Intune, which delivers a single solution to control PCs, mobile devices, and apps.
Security and compliance rules can be applied across company-owned and personal devices to prevent unwanted data transfers, and remove apps and sensitive information from lost or stolen devices. You can also apply constraints on a per-app basis using the mobile application management capabilities of Microsoft Intune.
Check out our new video series on SMB security, including the Enterprise Mobility + Security SMB Pitch, Sales Scenarios, Security Demo, and Objection Handling. With these great resources, you’ll be ready to build your security practice with ease.
Tell us how you’ve extended your practice by offering managed security services and share your process with the Microsoft Partner Community here.