The small/medium business (SMB) and franchisee markets are often resource-challenged when it comes to implementation and delivery of cybersecurity services to the business, but the threats are just as big. For Level 1 merchants—merchants processing more than 6,000,000 Visa transactions per year—meeting Payment Card Industry (PCI) compliance requires adhering to mandates such as daily security event logging and monitoring, regular vulnerability scanning and annual penetration testing.
But what about the small business owner/franchisee?
A c-store franchisee may have “big-brand” signage, but likely doesn’t have a super-sized cybersecurity budget. However, the protection of sensitive data is equally as important, and the ramifications of a breach are perhaps even more devastating.
Data from the Ponemon Institute and the Verizon 2020 Data Breach Investigation Report provides a glimpse into cybersecurity concerns for small/medium businesses:
- 43% of SMBs lack any type of cybersecurity defense plans
- One in five SMBs don’t use any endpoint security protection
- 60% of SMBs are not well-informed about cyber-attack and breach risks
- One in three data breaches involved small business
- Phishing is the leading threat action against small business
The need to implement effective cybersecurity controls at a cost-conscious price point is as critical as ever.
However, for all but the most experienced and best equipped in-house IT teams, cybersecurity can be a difficult DIY endeavor. And general IT services providers often lack the specific c-store and cybersecurity expertise necessary to cost-effectively combat today’s sophisticated cyber criminals.
Small to mid-size c-stores and franchisees may be best served by an MNSP with c-store expertise as well as a dedicated cybersecurity practice. Equally important, this service provider should offer these services at a price point that is palatable for the SMB market.
Ideally, the security bundle will consolidate security technology, leverage automation and orchestration and deliver service value to the areas that SMBs need the most:
- Store perimeter
- Cardholder data environment
- Data source/device logging health
- Custom use cases/IoT/digital signage/other
Be sure to ask service providers if they offers the following essential cybersecurity support offerings:
- 24/7 automated security operations
- Managed firewall
- PCI compliance approved scanning services
- Internal vulnerability assessment services
- Managed security information & event management (SIEM)
- Data logging & 12-month data retention
- Security orchestration automation and response
- Security event monitoring, investigation and escalation
- Endpoint detection & response (EDR) with defined security playbooks
- Host intrusion prevention
- File integrity monitoring
- Incident response platform for alert review and resolution
- Self-assessment questionnaire consulting
- On-demand internal penetration test and reporting
Small to mid-size c-stores and franchisees have been overlooked by service providers for too long. Unfortunately, they have not been overlooked by cyber criminals. But fortunately, companies like certified-MNSP SageNet, have stepped up and are eager to help defend the “little guys” from the bad guys using big-league technology.
This post is sponsored by SageNet