DIY Security: Why It’s Usually a Bad Idea for Most Businesses

Do-it-yourself is a popular mantra among many people building websites, doing home renovations, or marketing artistic and cultural products.  Unfortunately, however, it is not an appropriate approach for some things; like network security.  Just like a home renovation DIY project gone horribly wrong, organizations taking on cybersecurity roles outside of their core competency could cause themselves ruinous, avoidable expense.

Some companies make the decision to be wholly responsible for their network security intentionally, perhaps due to cost considerations, or a lack of understanding about the frequency and harm of security incidents.  For some companies, it was simply neglected, or a tiny startup in stealth mode grew too quickly for management to keep up with all demands.

The cost of network downtime for enterprises is $5,600 per minute, which is close to $300,000 per hour.

According to Gartner research, the cost of network downtime for enterprises is $5,600 per minute, on average, which is close to $300,000 per hour.  Worse, Ponemon research found that the average total cost of a data breach in 2016 was $4 million.  Protecting against that kind of risk is a job for professionals.  Keeping a network secure can be easy.  You just have to have the right help.

The True Cost of DIY

A business that has succeeded so far at maintaining security and operational performance may have saved thousands of dollars, yet based on Gartner’s findings, lose those entire savings within a minute or two of a critical network failure.  For companies that suffer prolonged downtime, the cost of mitigation, recovery, and reputation management could mean a lost quarter, or worse; considering that for many, a dropped deal or missed opportunity could easily drive the cost of a lost eight-hour workday into the millions of dollars.

Companies that consider themselves unlikely targets for hackers should consider the proliferation of ransomware attacks, as well as the many reasons that hackers attack corporate networks, such as attack method tests or demonstrations.  According to Kaspersky Labs, one in five businesses suffered a security event as a result of a ransomware attack in 2016.  The average ransom demanded is $300, but it can be much higher.  Further, until the ransom is paid, or the system is otherwise unencrypted, the victim accumulates costs from downtime, and 20 percent of ransomware victims who pay do not have their systems restored in return.

Given the low bar for ransomware demands, any company can be targeted.  As your company and its profits grow, it becomes a more enticing target for hackers.  Because of this, professional network security has become in essence a form of insurance.  Considered this way, effective protection is easily applied and inexpensive.  Achieving small monthly savings with DIY security is not worth the risk.  It amounts to a bet made against changing odds, and the stakes could be as high as the continued success of your company.

Additionally, time spent learning and applying skills outside of the business’ focus is taken away from that crucial role.  Let your IT team serve its primary purpose of supporting core business operations; leave securing your servers to a dedicated provider like Atlantic.Net.

The Better Option

Specializing in your business is part of what makes your IT team valuable, and likewise, premium security is part of the value delivered by network service providers.  A survey by Intel security (PDF) found that the cyber security skills shortage, reported by 82 percent of companies, has already driven 60 percent to outsource at least part of their organization’s IT security.

Maintaining uptime and keeping company data secure can be challenging for many organizations, but meeting complex regulatory requirements represent another level of responsibility and difficulty.  While outside of the expertise of even most skilled IT professionals, HIPAA compliant environments and PCI compliant servers are among Atlantic.Net’s specialties.  That level of security expertise gives companies in need of assurances against costly incidents, but without compliance burdens, full confidence that their IT systems are protected.

Managed services offered by Atlantic.Net, from Dedicated Private Cloud to HIPAA and PCI-compliant plans, come with a fully managed firewall and an intrusion detection system, as well as a 100 percent uptime guarantee.  Trend Micro’s industry-leading Deep Security Suite, including anti-malware network security, and integrity monitoring, provides additional protection.

Private Cloud plans give customers dedicated infrastructure and uplinks, while Atlantic.Net manages the provisioning of virtual machines.  Security analysis, load balancing, and daily backups are also available to further ensure continuous system performance.

Compliance hosting plans provide further protection, like automatic encryption of data at rest, managed backup, and log inspection to meet the most stringent security standards. All solutions are hosted in Atlantic.Net’s fully audited, SOC 2 certified data centers.

Upgrade Easily

Fortunately for organizations upgrading to professional IT security services to meet the new threat challenge, help is available not just to provide the service, but to help you choose and implement the right solution for your business.  Atlantic.Net provides a wide range of options, as well as custom packages, with the support of a team of dedicated veterans, for whom making businesses’ IT environments work and their security maintained, is a core focus, and a point of professional pride.

Between the costs of security incidents, the advantages of an IT team focused on core competencies, and the availability of strong security, organizations stand to benefit the most by shifting from DIY security to a more modern approach sooner, rather than later.  Some companies experience a small security incident and have a chance to adjust.  Some companies are less fortunate, and businesses and lives can be dramatically affected by avoidable situations.  Cautionary tales abound in the media about companies with almost good enough security.  Do not be the next cautionary tale.