Blog

Why Data Security Should Be Treated as an Operating Expense

Why Data Security Should Be Treated as an Operating Expense

03/30/2017

Business team meeting for financial project.jpegTraditionally, data security has been treated as a capital expense. Even if they’re regularly updated, firewall and antivirus programs have only been purchased–and thought about-every few years. In the past, this was enough to keep your business safe.

But cyber threats are advancing and evolving at a breakneck speed. Letting your data security decisions be dictated renewal dates is no longer acceptable to keep your business protected. Shifting your data security decisions to be part of your business operations, rather than just a capital expense, will keep you safer and make budgeting easier.

The best way to achieve this is to switch to a monthly security-as-a-service plan (some options are called firewall-as-a-service). Look for a monthly security plan that rolls multiple security expenses, like firewall, antivirus and monitoring into one to get the most bang for your buck.

The plans should clearly outline how often your firewall and antivirus are updated (including how often you get a new physical firewall). If monitoring is included, the plan should outline exactly what is being monitored and what happens if suspicious activity is detected.

 

Better Security

A lot of small to mid-size businesses still have a traditional security set up where they buy a physical firewall and an antivirus license every few years. They may periodically run the updates, but don’t always keep up with it. Cyber threats are constantly changing and evolving, though, so a firewall or an antivirus that hasn’t been updated in a while isn’t going to keep you safe from the latest threats.

Even if you do keep it updated, even the best physical firewall from three years ago isn’t always going to be able to handle newer threats (and they may actually be slowing down your internet speeds). They simply weren’t built to handle threats that evolved after their release.

A good security-as-a-service plan will include real time (or as close as you can get to real time) updates to firewall and antivirus definitions plus a new physical firewall every year, help to protect you from the latest threats.

In addition to your firewall and antivirus needs, a good security-as-a-service plan should include monitoring. It’s not uncommon for hackers to get into to your system then leave it alone for months before striking. Monitoring can help sound the alarm that something isn’t right (like people logging into your system from foreign locations or outbound internet traffic going to spoofed sites) so you can take action before the damage has been done.

 

Better Budgeting

The biggest advantage of a moving your security expenses to your operations budget (outside of the security) is the predictable cost. Security-as-a-service plans are paid for with a monthly fee rather than the large capital expense associated with buying a new firewall every few years.

Pricing will vary based on your needs and the provider, but is usually based on some combination of user count, the cost of the physical firewall included and your user count. Regardless of these factors, your plan should have a consistent, predictable monthly price.

 

Shift Your Mentality

A decade ago, you didn’t need much more than an anti-virus software to keep your business safe from cyber criminals. That’s not true anymore. Keeping your information secure is getting harder to do and needs to be at the top of mind for every business owner.

But having your data security as a capital expense that you only deal with every few years can make it easy to forget about security. After all, you’re concerned with running and growing your business-as you should be. But ultimately, running your business gets a lot harder to do when you’ve fallen victim to a cyber-attack.

The biggest reason your data security measures should be part of your operational budget because it should be should be part of your operations. It’s well past time when you can ignore data security or just do the bare minimum because ‘it’ll never happen to me.’ A solid data security plan is part of doing business.

New Call-to-action

   

Subscribe to Our Newsletter

Ultimate Guide to Budgeting for Technology