5 Ways Executives Stumble Over Cyber Security
In a recent blog article, Marty Kaufman recounts the story of meeting with a business owner who was panicked and in crisis mode because of a cyber attack. If we could backtrack to the days, weeks and months before the attack, we would probably find that the business owner did not pay much attention to cyber security at all because he didn’t think that a data breach could happen to him. Well, it could, and it did. We can’t go back in time and undo all the damage that has been done by this cyber attack, but we can help other executives avoid stumbling over some common misconceptions that unknowingly increase cyber risk.
1. We're not a target. Yes, you are.
The cyber crime business system has evolved with the same sophistication and speed that our business world has. No longer do hackers need to be software developers. They can purchase a malware subscription for $50 a month and be in business. The result is that there are a lot more people trying to break into businesses, and there are a lot more places where criminals can sell the data they steal.
2. We don't have anything cyber criminals want. Yes, you do.
Some data has value all by itself – the manufacturing plans for a product, the proprietary process for delivering a service, access to your bank account or credit card information, personal medical records etc. There are other kinds of data your business gathers and stores that can gain more value as cyber criminals combine it with other data points. The more information that can be gathered on a person, the bigger potential for a prize.
Consider that access to your network can also be extremely valuable to cyber criminals because it can open up doors you didn’t even know you had. Case in point was the big Target hack in 2013 when hackers were able to get into the Target network through their HVAC vendor Fazio Mechanical Services.
3. We don't need ____________. Yes, you do.
You can fill in the blank – firewall, anti-malware software, cyber security awareness training, a security policy, updating your software and operating systems, mobile device management, etc. Remember the business owner in Marty’s story? He didn’t think he needed the basic layers of security that could have prevented the cyber attack from happening in the first place. What is really unfortunate about that story is that the owner was getting this out-of-date, incorrect, and dangerous misinformation from his own IT guy – who was not an expert in IT.
4. We're compliant. That's not enough.
Compliance does not always equal security. There have been many recorded data breaches that happened to companies that were verified as being compliant with their industry regulations. Regulations give organizations guidance in many areas of IT security but they are not usually comprehensive enough to keep up with the evolving strategies that cyber criminals use to break in and steal. Compliance shouldn’t be the only goal. IT security should be.
5. We'll take the risk. Are you sure?
Decisions about managing risk can appear to conflict with equally positive objectives such as efficiency and productivity. Take password management for example. Enforcing proper password management is a small and inexpensive way to lock down the doors to your company data but staff may push back because it slows them down. When you compare the hassle of password management with the potentially disastrous impacts of a cyber attack, can you still say that it’s a risk you want to take.
Where are your cyber security gaps?
The first step to improving the way you manage cyber risk and overall business risk is to get a clear picture of where you are right now. Schedule a cyber security and risk assessment to uncover security gaps and get recommendations on how to close them.
About Accent Computer Solutions
Accent Computer Solutions, Inc. is a managed IT services and IT support provider, serving businesses with 30-500 employees throughout Southern California. The company is headquartered in Rancho Cucamonga, California, with IT professionals strategically located throughout San Bernardino, Riverside, Los Angeles, and Orange Counties, as well as Arizona, Texas, and Louisiana.