Short-term strategies and unforeseen situations are two major pitfalls for SMEs that can lead to security risks.

Because SMEs are highly focused on their core business and have smaller IT teams, they encounter a number of common IT pitfalls. These are often unexpected events that create a trap and that organizations cannot, and do not always, find an answer to in their long-term strategy.

In times of Corona, companies were forced to implement hasty changes within their organizations, which often pushed security into the background. “There will undoubtedly continue to be operational IT environments that do half measures and are therefore more vulnerable to security risks,” says Stefan Tummillo, Team Manager Relation Sales Mid Market at Dustin.

Trapped in a seller lockout

One of the IT pitfalls that Tummillo points out for SMEs has to do with supplier retention. Small businesses that outsource their IT due to a shortage of IT talent and the need to keep their core business running often turn to external partners for cloud solutions. “In these cloud environments, we primarily observe provider dependency. Many providers offer customized solutions for customers, which makes it difficult to switch to another provider,” says Tummillo. As a small business owner, this sometimes leaves you a dissatisfied user and still burdened with additional costs.

To combat this problem, Dustin began standardizing cloud environments years ago. “We started looking at what we could standardize within a cloud environment to make it easier for the customer to switch to another service provider,” says Tummillo. “A digital key is then transferred from the company to another management organization, which can use this to manage the standard solution or environment without making it too complex.”

Short-term strategy

Within any domain, the company stands or falls with a good strategy, and this also applies within an IT environment. Tummillo points out that SMEs often lack long-term IT strategies due to their focus on their core business, which is often not IT. This creates the next danger for small businesses: the lack of a comprehensive long-term strategy for their IT environment.

Companies are increasingly asking us to work together to develop a long-term strategy without sacrificing complex solutions.

Stefan Tummillo, Team Manager Relation Sales Mid Market at Dustin

Such strategies are not determined overnight. “Thinking is often too complex and companies develop solutions that may not support the business, leading to security vulnerabilities,” says Tummillo.

“At Dustin, we work with the customer to look at the current situation and maturity of the IT environment and end users to get everyone on the same page about how their IT environment can contribute to business goals,” says Tummillo. “Companies would also do well to take control themselves. In this way, they make the right choice of partner based on their business vision and long-term strategy,” he continues.

(Not) prepared for the unknown

In addition to a long-term IT strategy, ad hoc decisions are also a major stumbling block for SMEs. Even companies with a good long-term strategy for their IT environment are not necessarily immune from cyber threats. The threat landscape is reflected in the variety of types of threats for which a company cannot be prepared.

“For many of our customers, the danger lies with end users who click on a malicious link and become victims of phishing,” says Tummillo. When it comes to threats of this nature, you often have no control and rely on the vigilance of your employees, which can be trained.

We give companies the right tools to train their employees so they can protect themselves against phishing attacks

Stefan Tummillo, Team Manager Relation Sales Mid Market at Dustin

Phishing emails or messages are difficult to combat, but a critical human eye can prevent a lot of damage. Dustin therefore offers simulations for companies where phishing emails are sent to their employees in a secure environment. Based on these results, employees are trained to recognize phishing.

In addition, there are unexpected changes that companies have to expect on an ad hoc basis, such as the impending discontinuation of Windows 10. “Many companies are therefore forced to replace their systems to avoid security risks, but not all are prepared for this.” SME “We often have no plan for this and are confronted with high costs that are not budgeted for,” says Tummillo.

Don’t postpone it

SMEs usually know where potential risks lie in their organization. But often the lack of a long-term strategy and the inability to anticipate unforeseen circumstances are major pitfalls for small businesses.

Tummillo advises SMEs not to postpone their security investments to other financial years. “With small investments you can avoid many dangers. Don’t wait too long to take action and find the right partner to accompany you. The longer you delay it, the more money it will cost you if you unexpectedly fall victim to a cyberattack,” concludes Tummillo.