It's about the blind spots, the weaknesses, the potential problems with the systems and the people. These are things many businesses don't think about because they assume someone else is thinking about them or, worse, they haven't considered them at all. It's not about the security so much as it is the vulnerability. Someone has to be able to spot the vulnerability before it gets exploited.

All business leaders should be thinking about good cybersecurity practices because data is valuable, be it customer Personally Identifiable Information (PII) that must be legally specialized knowledge and techniques, such as intellectual property or trade secrets. When some business people consider cybersecurity, they may think of something the "IT guy" or specialized computer programs address, when, actually, the opposite is true. Yes, the IT department's procedures and data security protocols must be cutting edge, but the real danger is in complacency, the failure to keep up with changes and, now, the availability of information about the user, which can be exploited as easily as outdated encryption or an old server.

Everything is secure until someone breaches it, and when that someone has nothing better to do all day than to let their computers search for vulnerabilities on your computers, you have the potential for serious cyber-insecurity.

Hackers are criminals. They are thieves and terrorists, and they are getting better at what they do, which is stealing, ransoming and exploiting insecure data. Unfortunately, they love the data from businesses because it tends to contain sensitive personal information that they can sell, such as credit card numbers and banking information, or hold for ransom, such as an entire database or operating system, and so disrupt the whole company. The worst part is that criminals are using public information to make the computer systems easier targets.
Several recent breaches included the use of information from employee social media accounts and company websites to make it appear as though the message containing the malware, spyware, virus or worm came from a legitimate source. Unfortunately, clever infiltration schemes.

To stay ahead of potential infiltration, business professionals must look at the data system like a hacker. Don't think about how secure your network, software applications or web portals are; instead, look at how secure they aren't. What information is there and how could someone get it? For example, customer portals and payment systems are wonderful tools, but many industries are way behind when it comes to cybersecurity. Businesses have gotten far better at gathering and data-mining customer information through these vehicles than at protecting it. A cyber-criminal works on that portal day and night, which means it needs to be constantly monitored to avoid infiltration.

If much of this information seems foreign to you, or if you think this stuff only happens to other businesses, then you probably have some holes in your system. To initiate an effective cybersecurity plan, every business must: (1) find everywhere data resides or is transmitted; (2) ask questions of IT professionals and require a full analysis; (3) educate the entire workforce.

To be useful, any analysis must look at both ends of the transaction. Consider the network storing and/or transmitting the data and the people who input and/or use the data. People and technology have to work together to form a successful cybersecurity system. The network must be constantly monitored. Whether you have internal or external IT professionals at your disposal, you have to ask questions regularly because the status

compliance officer at Spicer Rudstrom PLLC. She has led the data privacy and security team helping companies and providers, large and small, with all aspects of their compliance needs for over 20 years.
Her mission is to ensure the protection and security of data through better training and the sensible use of technology.