It's about the blind spots, the weaknesses,
the potential problems with the systems
and the people. These are things many
businesses don't think about because they
think someone else is thinking about it,
or worse, they haven't considered it at
all. It's not about the security so much as
it is the vulnerability. Someone has to be
able to spot the vulnerability before it gets
exploited. All business leaders should
be thinking about good cybersecurity
practices because data is valuable,
be it customer Personally Identifiable
Information (PII) that must be legally
specialized knowledge and techniques,
such as intellectual property or trade
secrets.
When some business people
consider cybersecurity, they may think
of something the "IT guy" or specialized
computer programs address, when,
actually, the opposite is true. Yes, the IT
department procedures and data security
protocols must be cutting edge, but the
real danger is in complacency, the failure
to keep up with changes and, now, the
availability of information about the
user, which can be exploited as easily
as outdated encryption or an old server.
Everything is secure until someone
breaches it, and when that someone has
nothing better to do all day than to let
their computers search for vulnerabilities
on your computers, you have the potential
for serious cyber-insecurity.
Hackers are criminals. They are
thieves and terrorists, and they are getting
better at what they do, which is stealing,
ransoming and exploiting insecure data.
Unfortunately, they love the data from
businesses because it tends to contain
sensitive personal information that they
can sell, such as credit card numbers
and banking information or ransom,
such as an entire database or operating
system, and disrupt the whole company.
The worst part is that criminals are using
public information to make the computer
systems easier targets. Several recent
breaches included the use of information
from employee social media accounts
and company websites to make it appear
as though the message containing the
malware, spyware, virus or worm came
from a legitimate source. Unfortunately,
clever infiltration schemes.
To stay ahead of potential infiltration,
business professionals must look at
the data system like a hacker. Don't
think about how secure your network,
software applications or web portals
are; instead, look at how secure they
aren't. What information is there and
how could someone get it? For example,
customer portals and payment systems
are wonderful tools, but many industries
are way behind when it comes to
cybersecurity. Businesses have gotten
far better at gathering and data-mining
customer information through these
vehicles than they are about protecting
it. A cyber-criminal works on that portal
day and night, which means it needs to be
constantly monitored to avoid infiltration.
If much of this information seems
foreign to you, or if you think this stuff
only happens to other businesses, then
you probably have some holes in your
system. To initiate an effective cyber-
security plan every business must: (1) find
everywhere data resides or is transmitted;
(2) ask questions of IT professionals and
require a full analysis; (3) educate the
entire workforce.
For any useful analysis, it must look
at both ends of the transaction. Consider
the network storing and/or transmitting
the data and the people who input and/
or use the data. People and technology
have to work together to form a successful
cybersecurity system. The network must
be constantly monitored. Whether you
have internal or external IT professionals
at your disposal, you have to ask
questions regularly because the status
compliance officer at Spicer Rudstrom PLLC.
She has led the data privacy and security team
helping companies and providers, large and
small, with all aspects of their compliance needs
for over 20 years. Her mission is to ensure the
protection and security of data through better
training and the sensible use of technology.
414 Union Street
Bank of America Tower
Suite 1700
Nashville, Tennessee 37219
spicerfirm.com