Cyber Security is Your First Responsibility

Read today’s news and you’ll quite likely read about a cybercrime. It’s as prevalent as robbing a bank used to be. You feel sorry for the victims but you go about your business.

However, you must realize that you could be next. Cyber thieves and extortionists are not only targeting multinational corporations and governments. They are also aiming for small businesses and non-governmental organizations.

As a matter of fact, anyone who possesses a computer system with access to the Internet can be a victim of a cybercrime. Anyone who maintains a database of individual customers or business-to-business statistics can be subjected to a data breach.

NGOs or non-profits that maintain fundraising data that include donor names and addresses and how much they donate are as alluring as beehives for bears. Jessica Robinson, founder and CEO of PurePoint International, prompted non-profits to imagine what their fund raising campaigns would look like if last year’s database was breached and your supporters’ vital information accessed.

If you fall into these categories – and who doesn’t nowadays – you must be doubly careful. Unlike victims of other crimes, victims of cybercrimes can be held criminally responsible for being negligent with their customers and stakeholders’ information. Indeed, as a result, the victimized small businesses and NGOs will have their reputations harmed, can inadvertently subject their clients and advocates to cyber breaches, can be sued, and ultimately can be forced to close their doors.

Every person and business is in danger of cyberattacks and it would be the height of folly to think it won’t happen to you. “If you’re a consumer or business, they’re gunning for you,” warned George Waller, co-founder, Strike Force, an expert in cyber security. With breaches at an all-time high, companies should focus on cyber resilience round the clock because security is never guaranteed.

Earlier this month, I attended an informative and sobering daylong session on what businesses and non-profits must do to protect themselves, their clients and stakeholders. Taking its cue from today’s headlines, the Small Business Development Center of New Jersey at Ramapo College organized a “Cyber Resilience” conference about how to diminish the damaging effects of a cyber security breach.

More than 100 businessmen and women attended the timely event at Ramapo College and heard cyber experts offer advice on protecting their businesses. The speakers explored how entrepreneurs can lessen threats and vulnerabilities, what defenses should be developed, and the resources needed for mitigating a security failure after it happens.

Cyber security and cyber liability insurance today have evolved into business necessities. The task of preventing cyber breaches cannot be delegated to one person or department because cyber security is the responsibility of the owner, director, every manager and all employees.

David Weinstein, chief technology officer, State of New Jersey, pointed out that in today’s business climate, small businesses are as vulnerable to cyberattacks as big businesses. Consequently, owners and directors must pay attention to how they do business via the Internet.

According to Michael T. Geraghty, chief information security officer, State of New Jersey, phishing emails is the number one threat facing Internet users. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

“We’re being bombarded with phishing emails,” he emphasized.

Geraghty said the NJ Office of Homeland Security is mandated to protect citizens and businesses in the Garden State against cyberattacks and other catastrophes. Threats come not only from major global players but also local gangs and hoodlums, he pointed out. To protect your organizations, entrepreneurs and civil society activists must “think like a criminal not like an IT expert.”

Eric Hodge, director of Consulting, CyberScout, noted that state cyber actors are not hacking for financial gain but rather for influence or to undermine our confidence in our system of government. Proof of this is Russia’s recent successful cyberattacks that subverted our election system and spread distrust.

The task of protecting your computer system is never ending because hackers know when you are most distracted and create situations to deflect your attention from what’s going on in your groups. The speakers emphasized the necessity of maintaining good cyber hygiene and installing software upgrades when they become available.

Karen Painter Randall, partner and certified civil trial attorney, Connell Foley LLP, detailed the wide extent of cyber threats by saying businesses should understand that the question is not if they will be breached but rather when. Cyber security is no longer an option, she said, adding that cyber liability insurance is a necessity.

Waller of Strike Force warned that another weighty online threat comes from hackers, who transform seemingly safe websites into locations that could violate visitors’ security. Anything on the Internet can be turned into a harbinger of spyware that threatens businesses and NGOs, he said.

The speakers indicated that small computer users are as vulnerable to cyberattacks as large businesses. They are being bombarded by dangerous phishing emails while the greatest Internet predators are hackers – technologically skilled criminals that can break into any computer system. Of commercial and non-commercial organizations that have experienced hacking, statistically, 60% of them have been forced to close their doors within six months due to irreparably injured credibility.

Businesses were advised to keep track of their employees’ Internet usage since 80% of breaches are the result of employee mistakes, carelessness or malice. Entrepreneurs and NGO managers must keep in mind that their trusted employee could be their weakest link due to a lack of training.

Vikas Bhatia, founder and CEO, JustProtect Inc., said people are key in cyber security and urged managers to perform system scans and penetration tests. If not, he cautioned, someone else will do that and that person doesn’t work for you.

Cyber criminals create more than 400,000 viruses each day that unlawfully penetrate computer systems looking for personal and financial information. Ransomware, or extortion, is successful because it is easy to execute. General data breach costs companies $4 million while globally the figure could reach $5 billion. The average payment to cyber extortionists is in the range of $20-40,000. A personally shocking statistic revealed at the session was that 82% of social security numbers have been hacked more than once.

Vincent J. Vicari, regional director of the NJSBDC at Ramapo College, emphasized the importance of the conference by saying “Today’s event was invaluable for small businesses because small businesses have only one chance to get it right. When they fail or they allow their client list to be compromised, they don’t have a second chance to rebuild their credibility. Today’s event gave hard takeaways that clients can use to protect their businesses so they don’t get attacked the first time.”

The takeaway for small businesses and non-governmental organizations (nonprofits) is that cyber security is not an end, it is a value that should be ingrained into the culture of your business and NGO. You will not begin to be cyber safe until you admit that you are in danger. You cannot hide behind a veil of denial.

On the other hand, thinking about cyber security after it occurs is too late. You have to be engaged in your own cyber security from the moment you first open the door to your office. It’s the owners and NGO leaders’ responsibility to instill confidence in clients and stakeholders that their computer system is secure. Failure to do so threatens reputations and damages operations. Businesses and civil society are responsible for maintaining their cyber security otherwise they could be held liable by their clients.

Companies that you do business with that are cyber safe want to do business with companies that are also cyber safe. If your organization doesn’t meet cyber requirements, it will be taken off your customers and stakeholders’ preferred supplier list.

It is impractical to suggest a return to the days of paper records. So it is incumbent upon you to pay close attention to your digital/cyber records.

Join the conversation in cyberspace about cyber security. I’ll help you spread the word about your concerns.

I’d also like to invite you to visit my Thought Leadership website:

http://thoughtleadership.yolasite.com/              

If you’re looking for advice on recruiting, company handbooks and other human resources topics, I’d like to suggest to you this interesting website:

http://hrtiebreaker.yolasite.com/

Lao, if you’re in northern New Jersey, I’d like to direct your attention to the free services and consultation of the NJ Small Business Administration of Bergen County at Ramapo College. Tell Vince Vicari, executive director, that I sent you. https://www.njsbdc.com/locations/bergen-county/

Scroll down along the Boosting Your Outreach blogsite to read or reread older posts.

How to Keep Cool under Stress

The only differences between small businesses and their larger colleagues are in the number of employees and headquarters size. The intensity of stress is the same across the board.

As a small business owner or a non-profit director, you are faced with a range of issues that keep you up at night.

• Will we conclude the important contract?
• Will we secure a new line of credit?
• Will we be ready for the new product launch?
• Will we convince stakeholders of the importance of our mission?
• Will we raise enough funds in this year’s campaign?
• Will we hire enough employees to get the job done?

And so on and so forth.

For the good of your small business, your non-governmental organization and your own health, it is important to keep stress from debilitating you. You must control anxiety and remain mission driven in order to overcome the problem, keep your business alive and your employees and staffers employed.

So what to do?

I came across an interesting article about how the National Aeronautics and Space Administration officials keep their cool when they encounter mission and life-threatening glitches in a moon launch.

In an article in Business Insider, former NASA flight director Paul Hill explained what his team does in difficult situations. Hill had a high-stakes job managing 24 space shuttle and International Space Station missions for the program.

Hill, the author of “Leadership from the Mission Control Room to the Boardroom: A Guide to Unleashing Team Performance,” led the investigation into the 2003 Columbia disaster. He said NASA’s flight controllers employ certain strategies and thought processes to combat stress during crises. Those tactics came in handy during the 2001 incident, Hill pointed out.

With intense focus, flight controllers are able to deal with potentially catastrophic situations. Instead of “running down the halls with our hair on fire,” Hill said the team would focus on a series of questions:

• What was everything they knew — and did not know — about the situation at hand?
• What did the data actually say about the situation at hand?
• What was the worst thing that could happen as a result of the situation?
• Did the team have enough information to know for sure — and how could they get more information?
• What immediate steps could be taken to continue making progress in the mission or keep everyone safe?

Hill recounted that it’s important not to let past strategies or outcomes bias your understanding about a new crisis whether you’re flying people into space or launching your own business.

He explained that trouble occurs when a calamity happens and you feel the urge to say “No problem, I’ve been in this situation before. This is what we did the last three times. It’s always worked so I'm going to do it again.”

Past successes do not guarantee current or future successes.

Hill said that’s why he always tried to instill a bit of “fear” in his team members, lest they allow their past successes go to their heads.

“What we do today, the decision we make today, matters,” he said. “We have to look at this data and make the right decision and take the right action or make the right recommendation to protect these astronauts, these people who are friends of ours.”

You may not be preparing for the first manned Mars launch, but taking into consideration these NASA tips may help you and your team survive your earthbound complications.

Join the conversation in cyberspace about overcoming stress let me know how you fared. I’ll help you spread the word about your success.

I’d also like to invite you to visit my Thought Leadership website:

http://thoughtleadership.yolasite.com/              

If you’re looking for advice on recruiting, company handbooks and other human resources topics, I’d like to suggest to you this interesting website:

http://hrtiebreaker.yolasite.com/

If you’re in northern New Jersey, I’d like to direct your attention to the free services and consultation of the NJ Small Business Administration of Bergen County at Ramapo College. Tell Vince Vicari, executive director, that I sent you. https://www.njsbdc.com/locations/bergen-county/

Scroll down along the Boosting Your Outreach blogsite to read or reread older posts.