Pragmatic Security: Balancing Security Measures for Small Businesses

/in

Security vs UsabilityWhile on vacation recently, I did something that I did not think has been possible since July 1970. I boarded a commercial airline flight without having to go through security. No ID check. No metal detectors. The gate agent scanned the barcode on my ticket and I walked on board. The experience was, at first, confusing as I went from curb to gate with no security checks. I asked the gate agent why there was no security check; the answer was pragmatic security.

Pragmatic Security in Action

Airport security intends to prevent hijackings. I was traveling in New Zealand, which you know is an island country.  The nearest country, Australia, is at least a 3½  hour flight by jet. My plane was a dual engine turboprop with about 70 seats with and a range of 930 miles. It is impossible for the plane to leave the country.

Hijacking a regional flight in New Zealand is pointless, as you cannot escape the country. The security risk is miniscule.

In New Zealand, flights on regional planes do not have (or need) security checks. To board a jet, however, you will board at a “jet gate” having passed through all of the common security and ID checks.

Pragmatic Security for Your Small Business

The concept of pragmatic security also applies to IT and cybersecurity. Not every business needs every security measure. We can, and should, scale our IT and cyber security to meet our needs and priorities.

That said, the baseline has changed. In New Zealand, the baseline security for flights is that the customer has a ticket.  For smaller businesses, the historical baseline has been “a secure firewall/router, antivirus software, and email filters for spam.”

As we have discussed in other Security Update Series blog posts, we face new security demands from customers, insurance providers, and regulators. As cybersecurity risks increase, so do the solutions we need to implement.

Pragmatically: How Much Security is Enough?

While the answer varies based on your business needs, risks, and priorities, our Security CPR model provides a solid baseline. We are also proponents of understanding risks. As we discussed in this blog post, focusing on the most prevalent risks and the most damaging risks is the best place to start.  Designing your security solutions from these two angles provides a solid baseline of protections. Additional measures can be added as needed to meet industry or regulatory requirements.

Call to Action:

If you have not done so already, a baseline security assessment is a good place to start. Our Rapid Security Assessment provides a quick review of core security services. And our Cloud Advisors are ready to assist with any questions or concerns.

Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.