By Jeff Quinn
As I write this, I’m sitting at a nationally-known coffee shop watching a guy tap away on his computer while he’s on a conference call. Though I can’t hear the entire conversation it certainly appears that he’s talking about his business. Because I live and breathe it every day, I find myself thinking about the security of his computer and, by extension, his employer’s network and customer data. Are they aware of the threats? Are they prepared to handle them? Sadly, the answer is probably no. If he works for a small business, chances are they’re entirely unprotected.
You don’t have to try very hard these days to find a story about a data security breach. There were two very high profile ones at the end of 2013 — Target and Neiman Marcus — both established national retailers with seemingly exhaustive resources to protect their customer’s data, but they were still vulnerable. As a small business owner and as someone who sells to small businesses, you might think you don’t need to be concerned with data breaches because you’re not a “big corporation" like Target. Who would want your data, anyway? Apparently a lot of people: Hackers got to the Target data via one of their suppliers — a small business just like yours. We recently learned via the Heartbleed bug that, even if you think you’re protected, you might not be.
Before we talk about what you can do to protect your data, let’s look at what it costs to clean up a data breach. (Hint: It’s not cheap.) A benchmark research study conducted in May 2013 by Ponemon Institute and sponsored by Symantec found that it costs an average of $189 per record to remediate a breach (in the U.S. the average is $277 per record) and the average number of records involved in a breach was 23,647 (28,765 in the U.S.). Time for a little math: on average it costs $4.4 million to remediate a breach; in the U.S. that figure is a stifling $7.9 million. If you’re a small business, just take a minute and multiply $189 by the number of customers in your database.
You’re having trouble breathing, right? I know; me, too. But don’t panic. There’s hope … and help.
Earlier this year on the Networking Exchange blog, Andy Daudelin penned “4 Things to Consider as You Make Your Security Resolutions." In this blog he touched on four top security threats: mobility and BYOD, advanced persistent threats, perimeter defense vulnerabilities and the emergence of small businesses as a target. There’s a great revenue opportunity for solution providers, VARs and agents to develop their expertise in the area of data security and leverage that professional services expertise with their customers both small and large.
As companies relax their standards to allow BYOD for their employees, the need for mobile device management solutions like AT&T Toggle become a necessity. Toggle provides the ability to have a separate business and personal instance on the same mobile device.
Cloud-based services offer excellent, cost-effective solutions for small businesses. Agents and VARs who master this evolving space will be well positioned to help SMB customers shore up their vulnerabilities. In fact, Channel Partners recently published a white paper on how cloud is a logical, affordable choice for business continuity and disaster recovery. Though not a natural disaster, a data breach is certainly disastrous.
For larger customers MPLS VPN could be the best alternative. In a recently published white paper, AT&T makes the case that by “keeping traffic private as it routes across a common network architecture, MPLS VPNs are not susceptible to DDOS (distributed denial of service) attacks which are becoming increasingly common on the Internet. It pays for businesses, in most cases, to bypass the public Internet from a performance and business continuity perspective. Most often, the way to do that is to use an MPLS VPN, the current gold standard for business-class network services."
Whatever option (or options) you choose for your own company or for your customer, there’s a clear sense of urgency around securing the small business network and its critical data. And until we reach the point where we can lock it up and throw away the key, there will be a critical niche for solution providers to fill.
Jeff Quinn, vice president of the AT&T Alliance Channel, started in AT&T’s Computer Systems Division in 1986, after three years with Digital Equipment Corporation. During his career, he has primarily held field sales and sales management roles for multiple AT&T sales organizations, the exception being a four-year stint beginning in 1995 in New Jersey at headquarters where he helped create, launch and consolidate multiple indirect channels, which includes a version of AT&T’s Alliance Channel launched in 1998. His current responsibilities include leading the AT&T Alliance Channel sales and management for Central and Western U.S. He is also a member of the 2013-14 Channel Partners Advisory Board.