Photo of Oliver Pinson-Roxburgh

Oliver Pinson-Roxburgh

CEO and Co-Founder

5th October 2021

1. Identifying the challenges

Over the years we have observed how the IT security industry has served small businesses, with limited options available to effectively and sustainably address the challenges faced by SMBs. Many of the solutions available on the market do not directly tackle the problems small businesses encounter, which has left many businesses void of even basic security.

When it comes to cybersecurity, a significant proportion of small businesses are not doing even the basics, and we don’t blame them. We have been in their shoes, we know how hard it is when starting a business to get the balance right. When you’re focused on business growth, adopting new security tools and processes can seem to slow down innovation and growth.

For those that are looking for security services, they are largely underserved. We have received direct feedback at events and sales engagements from business owners that feel existing cybersecurity vendors do not have a solution that fits their needs, particularly if they are a small or medium-sized business. The compounding problem for many small businesses is that products and services that are available are complex, expensive and require more resources than they can either hire or have access to. This leads to dissatisfaction, lack of confidence or worse, a false sense of security.

The final challenge is that even when cybersecurity tools do provide valuable insights into the security gaps or threats, SMBs often don’t have the expertise to remediate them.

We believe world-class cyber protection should be accessible to all companies, regardless of size.

And we're making it happen!

2. Making cybersecurity accessible for all

We decided to tackle the problem head on. We could see the growing interest from businesses wanting to promote good security hygiene to their customers, and we knew it was possible for small businesses to benefit from enterprise-grade security if the services and tools were designed in the right way. Using our experience of building small businesses from the ground up, and serving enterprise customers for many years, we worked on a solution that would suit all business sizes.

The first thing we wanted to do was to make it easy for businesses; to provide all the critical things a small business needs to meet compliance mandates and to quickly improve their security. This meant providing not just one tool or service, but many. This is often the cause of problems for many businesses; every tool and service is in a different place or is being provided by a different vendor. When addressing the needs of this product, we wanted to make sure all the tools were in one place, that the services complement each other and the overall usability was simple for small businesses. But just as importantly, it had to include enterprise-class security in an affordable way so that all businesses could benefit.

3. When’s the right time for implementing security best practice?

Once we’ve tackled the problems faced by small businesses when securing comprehensive security, there’s still the issue of raising awareness as to the importance of security in small and early-growth businesses. What we currently see is that businesses only really take security seriously due to a few factors:

  • Customers

    This is the most frequent reason we hear as to why a business wants to get on top of their security. In the current climate, you must be competitive to win new business, and this includes having a mature approach to data privacy and compliance. By investing in a privacy and security by design approach in your business, you will stand out from the competition and unlock new business opportunities.

  • Placating board concerns

    Board members have a duty of care to employees and the business, so a story hitting the headlines about a security breach is going to be something they will want to avoid. This one falls down to the awareness each businesses’ board has around cybersecurity, but with a clued-up board member on your side, you’ll likely see more advanced security practices.

  • Working in a regulated space

    Some industries are understandably more regulated than others, particularly those that process payments. For businesses in these spaces, security and compliance are more heavily focused on and will result in (we hope) a better grasp of security best practices.

  • Being breached

    The one we all hope to avoid. Experiencing a data breach is the fastest way for a business to embrace security, but often it’s too late. If your business is breached, you will need to counter the risk of further compromise and work to build confidence in your customers. It can take months or years for a business to fully recover, and many simply don’t.

All things considered, the right time to implement security best practice is... as soon as possible! The earlier your business implements a security strategy, the sooner you can start growing your business in a safe and secure way. Don’t leave compliance and security as an afterthought that needs addressing when a customer asks or when a breach occurs; this will lead to costly and rushed implementations.

4. Grow your business by being the IT security vanguard of your industry

However, early growth and budgeting is tricking. Speaking from experience, in the early stages of growing a business you have to make every pound/euro/dollar count. Most small businesses in the UK spend less than £5k on IT security a year and it’s no wonder when the options are limited or too expensive.

To allow your business to grow and stand out among your competition, it’s important to embrace new opportunities. Security is often overlooked as an enabler for growth, but by demonstrating your commitment to security and compliance, you can gain customer confidence and attract new business.

Security is not just an early stage enabler for growth – it also prepares you for future success. The reality is that it can be extremely difficult to embed security and compliance retrospectively. When done wrong IT security can be jarring, increase workloads and give a false sense of security. Therefore, the earlier you can introduce best practice security into the design of your IT environments and applications, the more time it will save you in the long run.

5. Securing your supply chain

Your commitment to security standards should not be isolated to your own practices. Third-party due diligence is equally as important. Even with the best security available, if one of your suppliers is hit with a data breach or cyberattack, it can have a knock-on effect on your business.

Taking us as the example, we have decided not to work with some of the largest providers in their field due to their poor security and compliance standing. When we have investigated their security and compliance state, we found some were missing what we consider to be the security basics.

We recommend any business conducts a risk assessment for any new (and existing, if not previously done) suppliers. This can be achieved by creating a supplier due diligence assessment form. You should use this to establish how the supplier will uses and processes any personal data you share with them, and more broadly around their GDPR compliance and information security.

6. What’s the right protection?

With many different ways to compromise a business, there is a natural need to address the various security risks associated with people, process and technology. No single security tool can address all the threats to a business, and that’s where it can get complicated. If you don’t have the time, expertise or resources to set up, use and continue to maintain the various tools required, it’s easy to get left behind and let your security slip.

We know what businesses need to do to get the best protection from cyber criminals, and we know why many of them don’t have it in place, so we’ve developed Defense.com™ to address the common pain points. Defense.com™ provides all the tools you need to efficiently manage your cybersecurity, as well as expert support from our team of analysts, consultants and engineers.

7. Bridging the skills gap

Smiling employees looking at the monitor Smiling employees looking at the monitor

The final and biggest challenge in general to the security industry is a skills shortage. it’s a real challenge to get good people; it’s even something that as a security business we struggle with, despite providing some of the most exciting services in the industry! It’s therefore not a surprise that small businesses simply do not have the budget or environment to hire a dedicated resource to manage all areas of their cybersecurity.

This is another important element we wanted to address with Defense.com™. That’s why in addition to a wide range of cybersecurity tools, we’ve also included people-powered services to help businesses assess, manage and improve their security profile. Our team of experts provide can provide you with support and consultancy services to act as an extension of your team and remove the need for dedicated in-house resources.

Summary

So my final word is that security need not be complicated, increase your overheads or lead to productivity loss. With the right solution, any size business can protect its assets and reduce the risk of cyberattacks.

There will always continue to be increased emphasis on security, so get ahead of your competition and win new business by making security and compliance one of your USPs. It’s also important to find the right mix of security solutions that cover people, process and technology so you have good overall protection. Afterall, there’s no point investing money in protecting your technology if you can lose it all with the click of a phishing email.

Defense.com™ has been developed to be a step-change from how businesses currently buy security products and manage their compliance requirements. It’s a simplified solution for small businesses, using the same technologies used by large enterprises. As a SaaS product, it will continue to evolve to help businesses of all sizes get maximum security with minimal complexity, allowing them to stay ahead of the latest threats and improve business success.

And at the heart of everything is our team of security analysts, compliance consultants, penetration testers and customer success champions. All working together to ensure our customers get the best from their package.

Defense.com™ makes comprehensive security accessible and manageable for all businesses, so you can focus on what you do best.

Easily manage cyber risks with Defense.com

Get access to comprehensive security tools and expertise, without the enterprise price tag.
No advanced knowledge required – we’ll take care of the heavy lifting for you.

Get your free 14-day trial to find out how your business looks to a hacker.