YOUNGSTOWN, Ohio – If there’s one lesson that companies have learned over the last several years, it’s that cyber thieves don’t discriminate when it comes to the size or nature of a business.
Most small and medium-size businesses lack the wherewithal to staff and manage in-house information technology departments to monitor suspicious emails or websites – potential portals to security breaches that could cost a company everything.
“Cyberattacks have increased by massive amounts,” says Jason Wurst, vice president of TSI in Boardman.
TSI was founded as Tele-Solutions Inc. in the 1980s as a business telephone-systems service, but has since evolved into a comprehensive managed service provider, or MSP, that today acts as the de facto IT arm of corporate clients across the region.
The most critical issue IT faces today is protecting the client’s information by putting tough safeguards in place to stave off or provide early detection of a security threat.
“Right now, we want to put our focus on cybersecurity,” Wurst says.
The pandemic has changed the traditional office as more employees are working remotely and use video or voice systems based on their home desktops or laptops. This has created more opportunities for cyber criminals to use ransomware to steal information or hold entire business systems hostage.
“We’ve transitioned from desktop antivirus to Next-Gen EDR,” Wurst says.
EDR, shorthand for Endpoint Detection and Response, is a system that uses artificial intelligence to recognize a threat in real time and immediately deploy a cyber defense. TSI has partnered with a national firm that can monitor a client’s software and systems 24/7 to enable this service.
No system can guarantee 100% protection against a security breach, Wurst says. So elements of risk remain for all businesses.
“No one can protect you from everything,” he says. “We do all we can to keep our clients and their information safe.”
Part of this involves training employees to be cognizant of emails or websites that appear unusual, Wurst says.
“There’s a human factor as well,” he says, noting it’s important to educate employees on the risks of opening up phishing emails that could introduce ransomware or other harmful computer viruses into their systems.
“We’re taking the burden of understanding tech and IT off the business owner,” Wurst says. “We put that on our engineers.”
Just about every business is susceptible to a cyberattack, which has caused many to consider purchasing insurance policies that provide a degree of protection in the event of a security breach that harms the company.
“In the insurance world, it used to be that everyone thought that this only happened to big businesses,” says Ellie Platt, owner of Platt Insurance, Howland. “But the number of cyberattacks against small businesses has skyrocketed.”
Such policies are becoming standard, Platt says, as hackers become more sophisticated and have widened their target range.
Among the costs a business could incur from a cyberattack – aside from payout of a ransom – include expenses related to determining how the breach occurred, lost business income, the costs of notifying customers, and the extent of liability.
“A huge cost is notifying customers,” Platt says. The average claim is approximately $25,000 for small businesses and $400,000 for larger companies.
The costs of policies vary, depending on the level of coverage the customer is looking for and the nature of the business. “Liability coverage is about $1 million and you could go up to $5 million,” she says.
Some advice for those seeking cyber insurance: Work with someone licensed in Ohio and who has experience in the field, Platt says.
“It’s specialty coverage. So you want to find someone with experience,” she says. “It’s one of the fastest growing segments in the insurance market, as well as travel.”
Also, never assume your corporate insurance policy includes cybersecurity protection, Platt says. “It can be really limited; we tend to sell stand-alone policies in addition to standard insurance.”
Buying a policy that includes comprehensive cyber coverage is becoming harder, as the industry adds more policy exclusions, inserts higher deductibles and charges higher premiums, says Mercy Komar, cyber risk manager at L. Calvin Jones, Canfield.
“Insurance companies are putting in a lot of exclusions and lowering crime and fraud coverage,” she says. In some cases, policy coverage has dropped from $1 million to $250,000, she says.
The rise in cyberattacks has also increased risk, which has driven up prices, deductibles and led to provisions such as stringent “war exclusions” in some policies, Komar says. “They’re taking the stance that a foreign entity exploiting data is not a criminal act but could be an act of war,” she says, pointing to the military conflict between Russia and Ukraine.
If it’s determined that the breach was a result of an act of war, then insurance companies won’t cover the damage. “It could impact American companies doing business overseas,” she says.
Other factors that could affect cyber coverage include outdated software, Komar says. For example, some policies demand that companies continually update their systems as these updates become available.
“You have 60 days to put that update on. If something happens after that, and you’re not updated, then you’re not covered,” she says.
The good news is those companies that have held cyber insurance for a year or more without an incident have seen their premiums reduced, Komar says. “Some have gone down from $1,500 to $1,200 annually,” she says. “The more secure they show themselves, the better rates they’ll get.”
None of these concerns are likely to halt the growing dependence on technology in the workplace, as local IT companies see plenty of opportunities to carve out new markets and customers across the country.
“There’s a lot of buzz around hosted desktops right now,” says Mark Richmond, president of MicroDoctor IT, an MSP in Warren. “People are adopting it pretty rapidly.”
Hosted desktops are simply desktop computers in which the operating system, applications and data are stored in secure remote servers, Richmond says. The desktop or laptop serves as a display tool that is an extension of cloud storage.
“It increases market opportunities for us,” he says. “We serve every type of business – manufacturing, nonprofit, health care, local governments – anyone that uses a computer.”
Micro Doctor provides IT services for companies throughout the region. The security systems the company employs include scanning the “dark web.” Should an employee accidently click on a suspicious link, the system is able to prevent him from accessing the website.
Today, the biggest chunk of business for his company comes from the nonprofit sector, Richmond says. “Two years ago, it was manufacturing and distribution,” he says. Were it five years ago, clients in the health care industry were most dominant.
“I’d say 25% of our business was health care then,” Richmond says.
While business in 2021 remained consistent with previous years, Richmond reports there was a slight pullback at the beginning of this year. “It should rebound,” he says. “I think there’s some pent-up demand and we’re ramping up our staffing.”
Aside from its Warren office, MicroDoctor has an office in downtown Cleveland and is exploring an expansion into Charlotte, N.C.
“The market should be stronger in 2022,” he says.