If you haven’t fallen victim to cyberattacks or data breaches, you’re probably thinking to yourself, “my business is simply not a target”.
The problem with this mentality is—especially in our current cybersecurity landscape—you never know if you’re really a target until it’s too late.
Think of cybersecurity like fire prevention.
The likelihood of your house actually catching on fire is probably close to nil. But you probably change out the batteries in your fire detectors and probably have appropriate-sized doors and windows in the event a fire were to happen, even though the odds of it happening are pretty slim.
You’re probably taking precautions to secure your family against hazards like a fire because you know what the aftermath could look like and you’d never want to have to imagine it happening to you. You’re not willing to take the risk of confronting a fire in your home unprepared, and you are willing to invest in making sure that you’re notified in the event of a fire.
Today, the likelihood of your business being attacked by cybercriminals FAR exceeds your chances of it getting destroyed by a fire, flood, or other natural disasters combined.
I’m sure you even have precautions within your office for a fire—sprinklers and special fire extinguishers to control a blaze so that you don’t have to face a pile of smoldering embers where your business used to be.
But even though cyberattacks are currently the number one disaster impacting businesses—to the point of closure—many business owners (even in healthcare) remain unconvinced that they need to invest at all in protecting their networks against these attacks.
A few common objections to investing in keeping data secure:
“We’re too small to be a target”—hackers don’t discriminate. Size really doesn’t matter when it comes to cyberattacks. What’s more important to a criminal? That you’re easy to attack and will pay a ransom.
“We spent money on this stuff a few years ago and haven’t been attacked”—cybersecurity is evolving daily. Criminals are devising newer ways to bypass old security philosophies and technologies. If your organization hasn’t updated its policies, procedures and investments on cybersecurity in a few years, you’re likely risking being attacked from a different angle that wasn’t addressed since the last time you looked.
“This couldn’t happen to us”— it doesn’t matter if you are an international organization, a local government, a doctor’s office or a shoe store, hackers look for the lowest hanging fruit—those organizations that do not invest in protecting themselves—to make easy money with little effort.
“Cybersecurity is too expensive”—while some organizations may devote a good chunk of their IT budgets to cybersecurity, for most, effective cybersecurity doesn’t have to cost an arm and a leg. Your priority should be implementing smart security measures that maximize their effect and make the biggest impact on keeping your organization safe. (Consider a free network security assessment to identify what should be your major concerns.)
The bottom line: no matter what excuse comes to mind why you’ve either decided not to go through with implementing effective cybersecurity protection across your organization or why you don’t need to protect it, cybersecurity will remain your biggest risk in 2018 and beyond.
The reality for any business owner is that cyberattacks are not a possibility. They are eventualities. Your organization is not immune to an attack. Hackers are in the business of creating wider and wider nets to catch potential victims. Your size doesn’t matter—you may have a handful of people or thousands working for you. Hackers have identified your value and are trying to penetrate your defenses.
There are countless examples—even within the Philadelphia metro—where a company gets hit with a ransomware attack, the hackers demand tens of thousands of dollars’ worth of Bitcoin, the organization decides not to pay and the company pays ten times the amount of the ransom note to restore systems to normal (note: if you are trying to be HIPAA compliant, paying a ransom is NOT an option).
Organizations that are able to recover are lucky. The majority of businesses confronting cyberattacks end up closing their doors within a year of getting attacked.
To be clear: money isn’t really your constraint to effective defense.
You may never have enough money or resources to prevent every single disaster or attack from happening, but knowing where your systems are most likely opening the doors to cybercriminals and being prepared to confront pressing issues is a MUST in today’s business world.
How can you invest the right time and energy into cybersecurity? Think of effective cybersecurity as having four major components:
Prevention—you need a combination of systems and procedures designed to keep hackers from accessing your network. Has your IT support patched your machines lately with the latest patches? Are they monitoring and maintaining a modern firewall? Do they inform your users of the latest scams designed to deceive them into opening doors?
Prevention goes a long way to keep hackers from even being interested in your organization. The more hurdles you have in place to make life harder for them to get onto your network, the more likely they are to move on to some other network that is easier to crack.
Detection—just like your fire alarm will sound if a fire starts in your building, so too should your network monitoring. If your IT support is effectively monitoring your network, they should be able to detect if something or someone has penetrated your defenses and find traffic or activity on your network that doesn’t seem to be normal (your IT guys should know what normal looks like for your network).
Detection goes a long way to keep your data secure—instead of ending up with a completely encrypted network, with proper detection in place, you might risk only losing data on a single machine.
Response—a carefully rehearsed and coordinated action plan is critical to recovering from any size of attack (or disaster). If your team doesn’t have a vetted disaster recovery plan, your network, and subsequently your operations, may be down for weeks instead of a couple of hours.
Knowing how to respond and having everything documented is a critical step to ensure you’ll move past a cyberattack in the event one strikes.
Recovery—your ability to resume normal operations may be the difference between life and death (especially if you are in healthcare) or the difference between clients or patients staying with you and going to someone else for services.
Being able to not only follow your disaster response plan, but implement a plan that leads to complete recovery for your operations team is critical to your business survival.
Are you sure you’re covered in the event a cyberattack hits?
Consider a FREE network security assessment to lay out a roadmap on how to prepare and plan for an attack.