Cybersecurity is a really important part of every business that deals with digital information. After all, you’re very likely operating with data and information of staff and clients alike.

In other words, they’re trusting you with it. If you slip up with your security, you’ve got a lot to lose.

Cybercriminals purposely exploit small businesses because they tend to not take security as seriously – in other words, they’re easier targets. So what stops SMBs from gearing up with security solutions?

Mainly, it’s just because they don’t know where to start.

Here are the three most common barriers to getting a security infrastructure in place:

  • Lack of proper expertise – you need people that get security and your specific vulnerabilities
  • Lack of time – even if you’re willing to learn, it’s a time sink that requires constant vigilance
  • Lack of money – security solutions, and the people to run them, can cost a pretty penny

Deciding how to handle security

Considering the concerns of SMBs, security becomes more of a choice of whether to keep it in-house or outsource it completely. There are pros and cons to both sides.

You’ll need to carefully consider them to make the right choice.

In-house IT security

Hiring a dedicated in-house IT security person is an option for small businesses.

When you hire an in-house person, you’ll have unparalleled availability and fast response times. After all, they’re right there with you. They can build relationships and integrate themselves into your business.

TechRepublic conducted a survey and found that only 30% of SMBs have an IT security expert on staff.  Over half of survey respondents (52%) have to distribute IT security responsibilities across other roles.

So while it’s normal for businesses to start building IT departments, dedicated IT security personnel tend to cost more than you can get out of them at the SMB level.

Realistically, that means most business opt-in for the IT generalist. That’s an IT person that can do a bit of support, a few projects here and there, and some security when they can.

It’s an option, but it leaves you open to having average  IT support elsewhere.

Outsourced IT security

Okay, so cybersecurity is still important – but in-house seems like more trouble than it’s worth. In fact, 40% of CIOs have a lot of difficulty filling that position in the first place.

What about outsourced security?

An outsourced security firm is great because it ensures that the focus is 100% on ensuring security. There’s no question whether your data is secured. However, you’ll need more than just security for your business – there’s also backups, helpdesk support, and a general strategy to cover.

They won’t really do any of that. You can also go for a generalist.

Partnering with a managed service provider (MSP) that includes security as a part of the package is the most well-rounded choice of all.


An MSP has the expert staff and tools to protect you, but they’re also equipped to keep you running strategically.

And while it may not be as in-depth as a dedicated outsourced security firm, it still proves its value.

In addition to getting your day-to-day support handled, you can get your network and computers secured along with other important services, like backup, monitoring, consulting, and more.

What to look for in an IT partnership

Sadly, not all MSPs are built the same. It’s very much in your best interest to reach out to them and make sure that it’s a good fit. After all, whether it’s security or daily support, the premise is the same – this is your new IT department.

Don’t hire one you don’t like. And especially don’t hire one that doesn’t fit your needs.

Something like security should never be a one-size-fits-all approach. There are still different needs you may have, so you’ll want to communicate them with the MSP to discover your next steps to securing your business.

And hey, while you’re here… that’s actually what Ripple does. We can help you get started on your path to security by having a conversation.