5 Common Cyber Security Beliefs Executives Have That Unknowingly Increase Their Risk of a Cyber Attack
In a previous blog article, Marty Kaufman recounts the story of meeting with a business owner who was panicked and in crisis mode because of a cyber attack.
If we could backtrack to the days, weeks and months before the attack, we'd probably find that the business owner did not pay much attention to cyber security because he thought the odds of a data breach happening to him were low.
As it turned out, the odds were higher than he thought, and it did happen.
We can’t go back in time and undo all the damage that has been done by this cyber attack, but we can help other executives avoid stumbling over some common misconceptions that unknowingly increase cyber risk.
1. We're Not a Target. (Yes, You Are. We All Are.)
The cyber crime business system has evolved with the same sophistication and speed that our business world has.
Hackers don't need to be incredible coders or software developers. They can buy a malware subscription for $50 a month and be in business! It's an industry of its own.
The result is that there are a lot more people trying to break into businesses, and there are a lot more places where criminals can sell the data they steal.
2. We Don't Have Anything Cyber Criminals Want. (Yes, You Do.)
Some data has value all by itself – the manufacturing plans for a product, the proprietary process for delivering a service, access to your bank account or credit card information, personal medical records, etc.
Other data gains value for cyber criminals when it's combined with other data points -- the more information that can be gathered on a person or business, the bigger the potential prize.
And access to your network could be all they need.
Access to your network can also be extremely valuable to cyber criminals because it can open up doors you didn’t even know you had. Case in point: the big Target hack in 2013 when hackers were able to get into the Target network through their HVAC vendor, Fazio Mechanical Services.
While you might not be doing business with Target, you have customers who make payments to you. What would it look like if an email was unknowingly sent from your email account to your customer asking them to send payment to a different account number -- and then they paid thousands of dollars to a cyber criminal instead of to you?
These types of scams happen ALL THE TIME.
3. We Don't Need ____________. (Yes, You Do.)
You can fill in the blank – firewall, anti-malware software, cyber security awareness training, a security policy, updating your software and operating systems, mobile device management, etc.
Remember the business owner in Marty’s story? He didn’t think he needed the foundational layers of security either, even though they could have prevented the cyber attack from happening in the first place.
What is really unfortunate about that story is that the owner was getting this out-of-date, incorrect, and dangerous misinformation from his own IT guy – who was not an expert in cyber security.
4. We're Compliant. (That May Not Be Enough.)
Compliance does not always equal security. There have been many recorded data breaches that happened to companies that were verified as being compliant with their industry regulations.
Regulations give organizations guidance in many areas of IT security, but they are not usually comprehensive enough to keep up with the evolving strategies that cyber criminals use to break in and steal.
Compliance shouldn’t be the only goal. IT security should be too.
5. We'll Take the Risk. (Are You Sure?)
Decisions about managing risk can appear to conflict with equally positive objectives such as efficiency and productivity.
Take password management, for example. Enforcing proper password management is a small and inexpensive way to lock down the doors to your company data, but staff may push back because it slows them down.
When you compare the hassle of password management with the potentially disastrous impacts of a cyber attack, can you still say that it’s a risk you want to take?
The risks associated with cyber security have many angles, which is why we held a panel discussion with experts in IT, legal, PR, and insurance. You can catch the FAQs and the recording here: Cyber Security Risk Panel Synopsis & FAQs: What Business Executives Want to Know About Managing Cyber Risk
Where Are Your Cyber Security Gaps?
The first step to improving the way you manage cyber risk and overall business risk is to get a clear picture of where you are right now. Schedule a cyber security and risk assessment to uncover security gaps and get recommendations on how to close them.
About Accent Computer Solutions
Accent Computer Solutions, Inc. is a managed IT services, cyber security, and IT support provider, serving businesses with 30-500 employees throughout Southern California. The company is headquartered in Rancho Cucamonga, California, with IT professionals strategically located throughout San Bernardino, Riverside, Los Angeles, and Orange Counties, as well as Arizona and Texas.