The threat of data compromises and ransomware attacks has become a top concern for the SMB community over the past two years, and a majority of those companies are looking to outsiders for help. Virtually every recent research study involving small to midsize companies validates that increasing angst, as well as the struggle to find adequate protection for their infrastructure, information systems, employees, and customers. In the latest Vanson Bourne report (commissioned by Continuum Managed Services), 89% of SMB leaders identified cybersecurity as one of their top priorities, with more than three-quarters (79%) of those organizations planning to invest more resources toward it in the next twelve months.
Security is now (or should be) top of mind for every business owner.
While profitability and growth are essential for long-term success, most companies now realize that without the right security measures in place, their business is vulnerable to a multitude of issues. Cybercriminals may access, compromise, or completely shut down corporate systems. That’s the new reality for any business owner.
A single attack’s impact on a client’s organization can be substantial, including:
- Loss of crucial customer, employee, and business information
- Significant downtime, especially for computer-dependent companies
- Productivity loss
- Disruptions during data restoration (if possible)
- Potential damage to systems and information
- Damage to company brand and reputation
The security lapses that end up compromising customers’ payment or personal information can be catastrophic. Whether an incident ends up splashed across the news or is quietly relayed between various business clients, when an organization fails to protect its most critical data, it loses the public’s trust. Your customers’ reputations and financial stability can become casualties in no time.
Compliance can be complicated for SMBs
While often a source of frustration, government regulations and industry standards are complementary to cybersecurity. Businesses that fail to meet requirements and mandates will likely incur significant fines and legal costs if hit with a breach or ransomware attack. If not properly addressed, those organizations could be just an audit or hack away from financial disaster.
Compliance is no longer optional or loosely enforced. Fines for non-compliance with many rules and regulations are quite considerable today, with penalties for HIPAA and PCI-DSS violations increasing and gaining more media attention. Companies that fail to meet the payment card industry standards, for example, are fined as much as $100,000 per month or $500,000 per security incident.
HIPAA failures regularly make the news these days, and the cost of non-compliance continues to skyrocket. Medical offices and hospitals aren’t the only entities regulators penalize. Just last month a Georgia-based ambulance service was fined $65,000 following the loss of an unencrypted laptop containing protected health information (PHI) of 500 individuals and other long-standing compliance failures.
Not all industries openly discuss the penalties and the ‘powers that be’ tend to apply those levies randomly. For example, the PCI SSC administrators don’t dispense the punishment to offenders; it’s the individual credit card companies that collect the payment for non-compliance.
If your clients accept Visa, Mastercard, and American Express, they could be hit with three separate fines for failing to protect cardholder data and follow other security protocols. Non-compliance could cost your clients $100,000 per month or $500,000 per security incident, and companies won’t know the total bill until months after a problem occurs.
Of course, fines aren’t the only pain that can be inflicted on companies that flout the rules and end up compromising customer information. This is where the attorneys step in to hit the ‘offenders’ with class-action lawsuits and individual claims, which could run into the millions if a business has been careless or negligent.
You’d think those financial risks would make it easier for MSPs to upsell additional protection and compliance-related solutions and serve as an incentive to reduce their own IT business’s risk factors. Unfortunately, many (providers and clients) don’t realize the true costs of data compromises until it’s much too late.
Protect your own house with a Secure Payment Portal
One place where IT professionals can “up their game” with regard to information protection is in the payment processing arena. From both an internal and external perspective, MSPs should increase their expertise and solution offerings in that field to give their clients greater peace of mind.
As with any offering, cybersecurity begins and ends in your own IT services business. A secure payment portal is a perfect place to start as it shows your clients how serious your company is about protecting their most valued information (in this case, payment card data).
Safeguard that information while addressing relevant compliance requirements. Implement a platform like ConnectBooster that minimizes the risk of a data breach for your firm by locking down customer payment information in an encrypted, PCI-compliant payment vault.
That solution has numerous other benefits for your business, too. ConnectBooster reduces manual entry tasks for MSPs, which cuts labor costs, and the easy collection process can help boost your cash flow. No matter how you look at it, a secure payment portal shows your firm is serious about protecting your clients’ valued data.
The resale opportunity
Most businesses accept credit, debit, or ACH payments today. Traditional check usage continues to dwindle for several reasons, including the rising cost of postage, ongoing efforts to reduce paper and save trees, and inconvenience. It’s much easier to access an account on your computer or phone and then approve a credit payment or bank transfer. No time, no fuss.
The concern for MSPs is how their clients are processing those payments. Did they self-provision a system they found online or contract with a third party to provide those services? In either case, do you really know if their payment processes are secure and PCI-DSS compliant?
Those unknowns could essentially leave your clients at risk. Not only could that be detrimental to their businesses, but as the IT services pro charged with supporting their systems, your company’s reputation might be at stake should their customers’ credit or bank information be compromised.
Are you offering secure payment processing options for your clients? Add to your solution stack and give small businesses a safe and easy way to get paid while broadening your MSP’s recurring revenue streams. Stay tuned for big news from the ConnectBooster team in the coming weeks on how to make that prospect a reality.