Mitigating Your Company’s Cybersecurity Risk
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowFrequently, I encounter people who think that a software developer understands all languages and can “fix” anything tech related. While that may be true for a few, areas of expertise within tech evolve as rapidly as the technology itself. For instance, there was a time (not long ago) when operating in the cloud was revolutionary. Today, it is considered best practices for some or all of an organization to function within a cloud.
Managed information technology began with machines like faxes (remember those?) and copiers. Technically, these were early office IoT solutions. As technical solutions became more sophisticated, BlackInk IT became a pioneer specializing in Managed IT, architecting solutions that are safe and effective for our clients.
Cyber security has multiple areas of specialty evolving rapidly into niche areas. For most businesses, the foundation of their IT network is where security measures begin.
A few months ago, I had the pleasure of serving on a panel discussion of cybersecurity best practices at the First Financial Bank conference. A key takeaway from the conversation was to have a cybersecurity response plan in place.
We help companies focus on architecting solutions that mitigate the risks to help protect our clients. While we seek to avoid a cybersecurity event, we also assist our clients in preparing a Cybersecurity Response Plan as part of the overall business continuity plan.
Clients frequently ask our team at BlackInk IT, "Are we ok?" What they are really asking is "Are we safe?" The truth is, our customers have experienced secured processes for decades. If a client clicks on an email link and receives a crypto lock virus (ransomware), which encrypts all of their files, unless you have really good backups and are able to wipe and reformat all of the equipment and layer it back, you may be paying a ransom.
While there are many high profile examples of data breaches, the cyber attack on Madison County in late 2016 was a wake up call to municipalities across the region. This served as a stark reminder that no one was immune to threats, with the impact not isolated to governments, but across all industries.
According to the 2016 Verizon Data Breach Investigation Report, 51% of all cyber-attacks were targeted at small businesses. By 2017, that number had jumped to over 61%. What we’ve been seeing is a clear shift in focus with hackers targeting small businesses over enterprise business. Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
The need for validated backups cannot be overstated. BlackInk IT had a client, a professional service firm, who experienced a ransomware attack earlier this year. The malicious software (or malware) that locks the user out of their files or their device, then demands an anonymous online payment to restore access. In lieu of paying the ransom, all servers and data were restored and accessible by the end of the business day. Time-sensitive documents were available via the offsite backup during the restoration process and all impacted workstations were wiped and re-deployed the next business day.
Financial institutions, utilities, and healthcare organizations with compliance concerns need to be more safe than others, which may involve additional steps. One of our challenges is how to apply the best security practices within an organization and not be too disruptive to their business model.
Another challenge is to train staff to be aware of simple efforts. The truth is that any of us while checking email at our off-peak mental hours may click through a link on an email that is cleverly disguised malware. It happens to people all the time. Cyber attack training is no different than a tornado drill or a fire alarm drill.
As cyber threats become more likely, the need for protection has intensified. A strong preemptive strategy that incorporates a comprehensive plan to mitigate risk is a solid best practice for ensuring peace of mind for your corporate IT investment. A secure infrastructure and a trusted response team could keep you in the black. What’s your plan?
Doug Allgood is chief executive officer of BlackInk IT.