Business Security — How’s Yours?

I have a confession. I have never really paid a lot of attention to the topic of business security from the technological side in any operation I have led or launched.

Like you, I read and tut-tutted about the headlines of the high profile hacks. Over the years, I always budgeted great gobs of funds to ensure all the servers and desktops had reliable backups – both in processes and hardware. I fussed that the security software was up to date to keep cash transactions secure. And I put the screws on allowing additional on-premise non-approved software to ensure only authorized software was allowed in.

Never once, in the last 25 years, did I ever think that breaking into my computer systems would happen.

That is, until the pandemic hit.

Suddenly every single company, regardless of size or industry, needed digital capability. Many more found they needed digital transformations. And the bad guys? They hit a massive jackpot by surreptitiously uncovering the unprotected areas. Want proof? This article lays out the stats and, more importantly, the whys.

Our Reality Today

We all can see that remote work is here to stay. Unfortunately, too many businesses have had a similar attitude to mine about online security. Consequently, there is a vast knowledge gap and training gap around cyber-attacks and how to protect against them. And too many IT departments and IT suppliers are still overworked – from both the switching over caused by COVID and the attempt to find some new fully functioning environment.

All this has led to a massive increase in vulnerability. Today. As you just read in the above-noted article.

• Businesses big and small have reported a drastic reduction in their security posture since the pandemic began. Way less than half of them believe they are effectively positioned against cyber-attacks. (To which, I ask, “what about the leaders and business owners who are thinking like I did for so many years?”)

• More than seventy percent of all organizations are very concerned about remote workers being the cause of a data breach. Not surprisingly, the most significant concerns are the state of their personal devices and their physical security practices.

• IT departments and vendors are still clearly overburdened by this sudden pivot to remote working. 56% say that the time needed to respond to cyber-attacks has increased, which pairs with a 59% increase in access to business-critical applications.

• Maybe the worst is that more than 60% of survey participants have already experienced cyber-attacks during the pandemic. And 51% of those say that malware or exploits managed to get past their defences. Of these attacks, credential theft and phishing are the most common approaches.

On Ignorance and Inattention

Let’s get real. Funding online security is a contentious issue. Because the undeniable truth is nobody likes to buy insurance. And the cost of any solution to protect against cyber-attacks is just that. Insurance. So, let’s look at it another way.

Assume you were attacked in the following scenarios —

1. What would it cost if you lost your entire computer system for a day? (Let’s assume your people are not like most teams. Your people can still conduct 25% to 50% of their day for company business – without needing to access a computer. Take the average salary of team members, multiply it by the total number of staff members and then take 50%-75% of that number.) Can you afford to absorb that cost easily? For how long?

2. What would it cost if your entire customer list — with sales, profit and margin information, as well as payment terms, was leaked to the public? (You will assuredly lose some business besides your reputation.) Calculate your bank account impact by removing your book of business for your top one or two customers. Or what is the effect of just 25% of your customers leaving for safer competitors? Can you afford either of these scenarios? How about both? Yes, this does happen.

3. You’re different. You know that online security is needed, but you are not much interested beyond that. You blindly trust your bare-bones (understaffed OR inexperienced and inexpensive) IT department or your low-cost supplier to protect you. They assured you they had it all under control - until they didn’t. What would it cost to replace/upgrade your IT people OR even just your IT security systems? How much time would it cost you to get out of the arrangement you have with them, find a new crew, get them up to speed, AND keep your business going? The answer is somewhere between a bit and a helluva lot. Again, can you afford this?

Be Clear About Your Odds

You have every right to ask, what are the odds of my business security being compromised over the next year? Judging by the trajectory of occurrences over just the last few years, it is no longer about IF. It is all about WHEN. And the best odds answer I can give you is between 51% and 100%. Pretty much the same odds the scientists have been providing for years as to when a global pandemic would hit.

Suppose you are willing to take a chance. Your business won’t be hit. That’s actually quite fine. You are smart and manage a solid business. Every smart and solid business has a written contingency plan in place for just about any kind of scenario. And every smart and solid business also has a robust cash balance that can easily be liquidated for emergencies.

And what if you are not willing to take a big risk and want to reduce your odds?

