Maybe you are fortunate enough to live in a safe community: you could leave your car unlocked and nothing would happen to it. What if you also left your laptop on the backseat? Would it still be there later? What if you had cash lying on the backseat? Could you come outside to your unlocked car and every dollar would still be there?
Maybe. But it’s also not likely a risk you would take.
Yet many companies are doing something quite similar: leaving all of their data exposed with a lot of confidence that closing the doors, without any real lock, is sufficient protection.
That overconfidence may be making you a sitting duck for a cyber incident.
Risky Thought: We Are Too Big (or Too Small) for a Cyber Attack
Reality check: companies of every size face cyber attacks so frequently that it’s really not a question of “if” so much as “when.”
True, hackers like to go for the big fish, and threaten a major brand like Target or Home Depot. That sort of incident is usually financially driven: large companies have so much credit card data on hand, which can be sold on the cyber black market.
But not every hack is about credit card numbers, whether or not your company (of any size) stores them. A company of any size has data that can go for a price: personnel records, social security numbers, business contacts, even your email lists can all be used for nefarious purposes.
The growing trend in cyber attacks, ransomware, also affects companies of all sizes: malware locks up your data and you pay to have it released. You see, even if your data is not valuable to an outside source, it’s valuable to you. Attackers can exploit that as well.
So never presume that you are too big, nor too small, for an attack.
Risky Thought: Our Firewall Can Handle Anything
Reality check: a firewall does not constitute a hacker protection plan.
Firewalls do handle a great deal, just as spam sorters do. If you look through what was caught, you may be shocked and amazed at the quantity of attempted attacks each day.
But these days, a firewall is not the only protection you need. A firewall is about having a safe perimeter, a necessary function and standard now in every business. Web filters and antivirus software have also become standard, for good reason (and are also necessary components of your safety structure).
Now, many other layered tools are also necessary to protect your data: compartmentalizing access, data layering, device isolation, etc. are all part of what an expert can analyze to set you up for better prevention and an internal structure that minimizes threats if they do happen. Your website, internet connection, software, hardware, employee records, client records and more all need this kind of fine-tooth examination.
Risky Thought: Those Malware Scams are Dumb, and Our Employees Wouldn’t Fall for That
Reality check: phishing attacks are more plentiful (and more successful) than ever, and the majority of cyber attacks come from within.
True, you could have a disgruntled (or financially-motivated) employee intentionally launch a cyber attack, depending on the nature of your business. That’s pretty unlikely, though. What is more likely is an unintentional attack, such as falling for a duplicate website (and putting in password information), clicking on a dubious link or attachment, or providing sensitive information to the wrong source.
Examples are too numerous to list in full, and they are getting smarter. Scams used to be fairly obvious, such as someone in a foreign country claiming to give you a prize if you just send them your bank account information (which people still fell for sometimes!), but they have grown more sophisticated. The CEO’s account can be ghosted, with the impostor asking for employee social security numbers. A login page can look remarkably like the one you usually use, but when you sign in you are giving away your user name and password. An attachment in almost any format can now contain malware.
As soon as we finish telling you about one kind of attack, there will be another; which is to say, your employees are not dumb, but neither are malware creators.
So if hackers are getting smarter every day, shouldn’t you be as well? Shouldn’t threat assessment, mitigation, and employee education be part of your regular workweek?
Just as your grandma would say, “an ounce of prevention is worth a pound of cure,” threat mitigation in advance of an attack is much better than cleaning up after an incident.
Though incident clean-up is possible, wouldn’t it be better to save all of that time and money (and reputation risk) with a little prevention?