Monday, November 25, 2019

Security - Simply Put - Is Worth It

 


When you are running a business, costs have to be taken into consideration.  There is always a balance between costs and benefits.  Heck, that’s why there is a term referred to as “cost/benefit analysis” in the business world.

However, sometimes in healthcare the situation can devolve into the old adage of being “penny wise and pound foolish”.  Often doctors are not well trained in business practices and certainly not trained in the “Best Practices” of IT, and because of that sometimes poor business decisions are made.  The potentially bad part of poor IT choices is that saving money on the front end could very well create problems that might, in the long run, cause greater expenditures.

Unfortunately in recent history, some of these mistakes have been made in the security sector.  Products such as reliable offsite backups, network security, and reliable antivirus systems have all been overlooked in an effort to save money.  This violates a rule that has been referred to as The Common Law of Business Balance.  This law is the basic demonstration of cost vs. benefit or even an explanation of the ancient idea of Yin and Yang.  For every positive there is a negative, for every plus there is a minus, in business for every benefit there is a cost.

The secret to business success is to find and maintain that balance!!!   The problem with this rule is that many people feel they can violate it and still find success.  In other words there is a segment that thinks “I can pay a tiny amount and get a huge benefit which all of my competitors are paying a huge amount for the same thing.”  One thing I love about physics is that math works every time.  Shooting it to you straight, this truly can’t be done.

There is a famous quote attributed to a British man named John Ruskin that goes like this, “There is hardly anything in the world that someone cannot make a little worse and sell a little cheaper, and the people who consider price alone are that person’s lawful prey. It’s unwise to pay too much, but it’s worse to pay too little. When you pay too much, you lose a little money — that is all. When you pay too little, you sometimes lose everything, because the thing you bought was incapable of doing the thing it was bought to do. The common law of business balance prohibits paying a little and getting a lot — it can’t be done. If you deal with the lowest bidder, it is well to add something for the risk you run, and if you do that you will have enough to pay for something better.”

Anyone want a great deal on a parachute or a lifeboat?  i just got done with having my IT team replace every computer in my office.  We’ve got over 20 workstations so you can imagine that this wasn’t something I paid for with change from the couch cushions.  I also upgraded my AntiVirus system with Emsisoft.  After doing my research, I knew I needed to have a more robust A/V system running to maintain security and I looked at some others.  I settled on Emsisoft for a number of reasons, but one that I did NOT consider was the price.  

I had a buddy recommend a much cheaper solution to me.  He thought I was crazy to spend around $450 U.S. for A/V protection.  My reply was "If malware takes over my office and/or my network, the money I saved would be quickly consumed by all the work expended and paid for to get me back online."

Between those costs and potential fines if my data is stolen, the money I paid was small… and well worth it.  In today’s threat landscape you cannot be too careful.  Having the best protection for the different aspects of your data is important.  Don’t skimp in areas where you need the best.

No comments:

Post a Comment