Cyber Security is Your First Responsibility
Read today’s news and you’ll quite likely read about a cybercrime. It’s as prevalent as robbing a bank used to be. You feel sorry for the victims but you go about your business.
However, you must realize that you could be next. Cyber thieves and extortionists are not only targeting multinational corporations and governments. They are also aiming for small businesses and non-governmental organizations.
As a matter of fact, anyone who possesses a computer system with access to the Internet can be a victim of a cybercrime. Anyone who maintains a database of individual customers or business-to-business statistics can be subjected to a data breach.
NGOs or non-profits that maintain fundraising data that include donor names and addresses and how much they donate are as alluring as beehives for bears. Jessica Robinson, founder and CEO of PurePoint International, prompted non-profits to imagine what their fund raising campaigns would look like if last year’s database was breached and your supporters’ vital information accessed.
If you fall into these categories – and who doesn’t nowadays – you must be doubly careful. Unlike victims of other crimes, victims of cybercrimes can be held criminally responsible for being negligent with their customers and stakeholders’ information. Indeed, as a result, the victimized small businesses and NGOs will have their reputations harmed, can inadvertently subject their clients and advocates to cyber breaches, can be sued, and ultimately can be forced to close their doors.
Every person and business is in danger of cyberattacks and it would be the height of folly to think it won’t happen to you. “If you’re a consumer or business, they’re gunning for you,” warned George Waller, co-founder, Strike Force, an expert in cyber security. With breaches at an all-time high, companies should focus on cyber resilience round the clock because security is never guaranteed.
Earlier this month, I attended an informative and sobering daylong session on what businesses and non-profits must do to protect themselves, their clients and stakeholders. Taking its cue from today’s headlines, the Small Business Development Center of New Jersey at Ramapo College organized a “Cyber Resilience” conference about how to diminish the damaging effects of a cyber security breach.
More than 100 businessmen and women attended the timely event at Ramapo College and heard cyber experts offer advice on protecting their businesses. The speakers explored how entrepreneurs can lessen threats and vulnerabilities, what defenses should be developed, and the resources needed for mitigating a security failure after it happens.
Cyber security and cyber liability insurance today have evolved into business necessities. The task of preventing cyber breaches cannot be delegated to one person or department because cyber security is the responsibility of the owner, director, every manager and all employees.
David Weinstein, chief technology officer, State of New Jersey, pointed out that in today’s business climate, small businesses are as vulnerable to cyberattacks as big businesses. Consequently, owners and directors must pay attention to how they do business via the Internet.
According to Michael T. Geraghty, chief information security officer, State of New Jersey, phishing emails is the number one threat facing Internet users. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
“We’re being bombarded with phishing emails,” he emphasized.
Geraghty said the NJ Office of Homeland Security is mandated to protect citizens and businesses in the Garden State against cyberattacks and other catastrophes. Threats come not only from major global players but also local gangs and hoodlums, he pointed out. To protect your organizations, entrepreneurs and civil society activists must “think like a criminal not like an IT expert.”
Eric Hodge, director of Consulting, CyberScout, noted that state cyber actors are not hacking for financial gain but rather for influence or to undermine our confidence in our system of government. Proof of this is Russia’s recent successful cyberattacks that subverted our election system and spread distrust.
The task of protecting your computer system is never ending because hackers know when you are most distracted and create situations to deflect your attention from what’s going on in your groups. The speakers emphasized the necessity of maintaining good cyber hygiene and installing software upgrades when they become available.
Karen Painter Randall, partner and certified civil trial attorney, Connell Foley LLP, detailed the wide extent of cyber threats by saying businesses should understand that the question is not if they will be breached but rather when. Cyber security is no longer an option, she said, adding that cyber liability insurance is a necessity.
Waller of Strike Force warned that another weighty online threat comes from hackers, who transform seemingly safe websites into locations that could violate visitors’ security. Anything on the Internet can be turned into a harbinger of spyware that threatens businesses and NGOs, he said.
The speakers indicated that small computer users are as vulnerable to cyberattacks as large businesses. They are being bombarded by dangerous phishing emails while the greatest Internet predators are hackers – technologically skilled criminals that can break into any computer system. Of commercial and non-commercial organizations that have experienced hacking, statistically, 60% of them have been forced to close their doors within six months due to irreparably injured credibility.
Businesses were advised to keep track of their employees’ Internet usage since 80% of breaches are the result of employee mistakes, carelessness or malice. Entrepreneurs and NGO managers must keep in mind that their trusted employee could be their weakest link due to a lack of training.
Vikas Bhatia, founder and CEO, JustProtect Inc., said people are key in cyber security and urged managers to perform system scans and penetration tests. If not, he cautioned, someone else will do that and that person doesn’t work for you.
Cyber criminals create more than 400,000 viruses each day that unlawfully penetrate computer systems looking for personal and financial information. Ransomware, or extortion, is successful because it is easy to execute. General data breach costs companies $4 million while globally the figure could reach $5 billion. The average payment to cyber extortionists is in the range of $20-40,000. A personally shocking statistic revealed at the session was that 82% of social security numbers have been hacked more than once.
Vincent J. Vicari, regional director of the NJSBDC at Ramapo College, emphasized the importance of the conference by saying “Today’s event was invaluable for small businesses because small businesses have only one chance to get it right. When they fail or they allow their client list to be compromised, they don’t have a second chance to rebuild their credibility. Today’s event gave hard takeaways that clients can use to protect their businesses so they don’t get attacked the first time.”
The takeaway for small businesses and non-governmental organizations (nonprofits) is that cyber security is not an end, it is a value that should be ingrained into the culture of your business and NGO. You will not begin to be cyber safe until you admit that you are in danger. You cannot hide behind a veil of denial.
On the other hand, thinking about cyber security after it occurs is too late. You have to be engaged in your own cyber security from the moment you first open the door to your office. It’s the owners and NGO leaders’ responsibility to instill confidence in clients and stakeholders that their computer system is secure. Failure to do so threatens reputations and damages operations. Businesses and civil society are responsible for maintaining their cyber security otherwise they could be held liable by their clients.
Companies that you do business with that are cyber safe want to do business with companies that are also cyber safe. If your organization doesn’t meet cyber requirements, it will be taken off your customers and stakeholders’ preferred supplier list.
It is impractical to suggest a return to the days of paper records. So it is incumbent upon you to pay close attention to your digital/cyber records.
Join the conversation in cyberspace about cyber security. I’ll help you spread the word about your concerns.
I’d also like to invite you to visit my Thought Leadership website:
If you’re looking for advice on recruiting, company handbooks and other human resources topics, I’d like to suggest to you this interesting website:
Lao, if you’re in northern New Jersey, I’d like to direct your attention to the free services and consultation of the NJ Small Business Administration of Bergen County at Ramapo College. Tell Vince Vicari, executive director, that I sent you. https://www.njsbdc.com/locations/bergen-county/
Scroll down along the Boosting Your Outreach blogsite to read or reread older posts.
No comments:
Post a Comment