Cybersecurity Starts at the Top
Submitted by Back to Business I.T.
Cybersecurity, the ever-changing necessity that is growing seemingly ever more complicated, is now more important to the wellness and success of businesses across the globe. The consequences are higher than ever before: the FBI’s most recent Internet Crime Report reports the total cost of the 467,361 complaints they received at over $3.5 billion in 2019. Cybercrime is lucrative and target-rich for criminals around the world, and without proper planning and protection, it isn’t a matter of if your business will be compromised, but when.
The burden of responsibility to build a culture of strong cybersecurity rests with an organization’s leadership. Cybercrime has grown from an inconvenience to a legitimate business risk, often dealing fatal blows to small companies. Too often aspects of cybersecurity are overlooked, especially with small businesses. According to The National Cyber Security Alliance, 20% of small businesses experience some form of cyberattack every year, whether they are aware or not, and that 60% of those businesses are forced to close within 6 months of being hacked. Those who have no idea where to start with their cybersecurity efforts or what to do in the event of catastrophe aren’t alone. More than half of small business owners have no plan in place to deal with a cyberattack.
Keep these key concepts in mind when crafting an effective cybersecurity strategy.
Policy. Cybersecurity starts with one thing — policy. Policy should drive an organization’s cybersecurity practices, not the other way around. Leadership’s understanding, approval and enforcement of properly designed policy is paramount to success. Policy in place is far different than policy in practice.
Data. A company’s data is the most valuable asset it has and must be protected. Data gathered by Datto indicates that the average cost of downtime in the event of a ransomware attack – an increasingly common form of malware – increased 200% between 2018-2019. Leadership must understand what their data is, where it is, what level of protection it requires, and have a plan on recovering it in the event of an attack.
Infrastructure. Proactive management of your I.T. infrastructure is paramount to keeping your company cyber-secure. This means if it’s connected, it should be protected. Protection is multi-faceted and isn’t one-size-fits all; different organizations have different needs. Leadership must put in place people and actions that ensure that organization’s information systems are secure, updated, and protected.
People. People are the weakest link in the cybersecurity chain. If they are not trained and aware of common threats, they fall victim to hackers and compromise company data. Verizon’s 2020 Data Breach Incident Report shows that over 67% of data breaches are caused by credential theft and phishing. Leadership should be a driving force in instituting ongoing cyber-awareness training for their employees and themselves – leadership is not immune cyber threats and often are the most targeted individuals.
With strong and calculated policies in place, in-depth knowledge of company data practices, proactive management of secure infrastructure, and effective user training to prevent attacks, a company can make considerate protections against cyberattacks and mitigate as much risk as possible. Without the buy-in and understanding of what is at stake by leadership, the organization’s cybersecurity efforts will almost certainly fail.