By: Jeremy Harris, IT Mindshare CEO
Let me start off with the main point right in your face: Get your mind right, get with the times and start taking cybersecurity seriously. It’s “a thing”, and it’s here to stay! Twice this week alone we have had clients reach out to us asking for help with what appears to be a very simple and successful cyber attack. Attacks that could have easily been prevented with basic security protective measures. In fact, one of the clients has sat on a proposal to implement basic protective measures for roughly a month because the minimal costs weren’t in the budget for preventative measures. Well….all hell is about to break loose now. What happens next is a trifecta of implementing the ‘Incident Response Plan’ (which most companies don’t have), isolating the issue which includes significant disruption to operations and then repairing or bringing in a forensic computer scientist to determine the root cause and if any protected data was taken which includes significant costs.
It’s really frustrating to watch from our end. The measures to protect are so simple but they must be implemented correctly by a professional that actually understands cybersecurity, not just some company trying to sell yet another piece of software. All of that being said, what’s the hold up? Surely not cost when basic solutions start as low as $10/workstation. Ask anyone who’s been through a cyber attack and they will tell you that the costs are high and the mental anguish and reputation damage are well worth the preventative measures. So, what is it then?
The answer is simply that cybersecurity still isn’t part of the culture of small businesses…yet. We’ve adopted certain things like antivirus as normal but that’s about where it stops. Companies don’t see the value in the preventative measures until it is unfortunately too late. The real gap here is in leadership and especially leadership that hasn’t continued to learn since they completed that MBA back in 1985. My how things have changed. A new MBA graduate should be well versed in cybersecurity and advanced analytics as much as they should be versed in financial and operational matters. It all boils down to trust and giving an IT person or entity what we call a ‘seat at the table’. If your IT person that you trust says to take this seriously and budget for preventative measures you better do it. If they don’t say that, then find a better person to represent your IT department. Get your mind right – this is serious business and you’re far more likely to make a claim on your cyber insurance (which you better have!) than you are on flood, fire, theft, errors and omissions, etc. It’s real. It’s expensive. It’s mentally and reputationally damaging.