You wouldn’t leave a pile of cash outside your office building every night, right? If you’re not careful, however, you might be exposing something even more valuable: your company data.

Data is the currency of the small and medium-sized business world. Experts caution that a single hack could cost small businesses between $82,200 and $256,000. Failing to protect your company’s data is equivalent to leaving that cash pile out in the open with an invitation for anyone to take it.

With IoT attacks, ransomware and phishing on the rise, shoring up network vulnerabilities is a small business imperative. Knowing where to get started, however, is another challenge. As the Branch Practice Manager for Lucas Group’s Houston IT recruiting team, one of the most common questions I get from clients is, “What should I be doing to protect my company against cybersecurity threats?”

My answer: it’s not just what your company needs to do to shore up security vulnerabilities, but also who you need to recruit to accomplish these objectives.

The “what”: creating an SMB cybersecurity plan

SMB owners often assume that their data is of little value to hackers, but that’s simply not the case. Financial accounts, employee personal information, and customer data may all be easy targets.

When it comes to creating a cybersecurity plan, I recommend SMBs start by asking the following questions to identify internal needs and solution options:

  1. Do employees bring their own devices? While a “bring your own device” policy can save on technology expenditures, using smartphones, computers and tablets for personal and professional use creates multiple exposure points hackers can easily exploit.
  2. What type of security software does your company use? The licensed security software that comes with an employee’s computer is generally insufficient for business needs. Opting for “security as a service” can be a smart move for SMBs since this requires less day-to-day management.
  3. Do you have an existing security policy or provide any employee security training? Technology threats change rapidly and employee training must keep pace.
  4. What sensitive data can your employees access through company networks or the cloud? As your company shifts data to the cloud, outdated security protocols and antiquated authentication systems could leave your company vulnerable.

The answers to these questions will help you determine your organization’s current vulnerabilities and the expert talent necessary to address these concerns.

The “who”: recruiting the right IT talent

Most small businesses employ lean IT teams. While a small, agile team is great for day-to-day needs, these teams may not have the specialized skills necessary to address cybersecurity concerns. Unfortunately, bringing in a full-time cybersecurity expert can also be a costly undertaking. Cybersecurity talent is in top demand and short supply, and larger enterprises typically scoop up that talent with competitive offer packages. This can create a Catch-22 for SMBs: they need to expand their IT team to address network vulnerabilities, but the best talent is already taken.

In this case, SMBs may benefit from a short-term contractor. This contractor would join your company for a fixed project period to build a strong cybersecurity foundation and train existing IT staff in security protocols. Hiring someone on a project basis also lets your company tap into a specialized talent pool to address specific cybersecurity concerns, such as cloud security, that it could not otherwise address.


What cybersecurity challenges is your company facing? I invite you to share your top challenges and current approach to cybersecurity in the comment section below.