One of the biggest obstacles in cybersecurity is company executives who think they do not need to worry about cyber-attacks. The range of excuses why cybersecurity isn’t on executives’ radars are wide and we’ll debunk them in a bit.
Keep in mind, if you don’t do anything to prevent or mitigate a cyber-attack, it will probably be too late to do anything once it starts. Whether you’re a Fortune 500 enterprise or a small three-person company, 94% of all companies do not survive more than two years following a major data loss regardless if it is a cyber-attack, theft, or disaster. [Gartner]
Prevention is the best way to protect your company’s future and it is a lot cheaper too.
Myths Executives Like to Tell Themselves about Cybersecurity to Sleep Better at Night:
- “We’re Too Small to Be Targeted for a Cyber-Attack” – Your company may not be a direct target for a hacker, but that doesn’t stop bots from finding your “open windows” and attacking because you provided hackers with an easy, unprotected target. In fact, nearly half of all cyber-attacks target small businesses. [Inc.]
- “Cybersecurity is Too Expensive” – A virus can slow down your entire network 10-30% for months before you notice anything is wrong, costing you productivity and the loss of unsatisified customers. It can take an IT professional over 50 hours to remove a virus from your network and to remediate the effects from it, costing you $50,000 easily.
- “Macs Can’t Get Viruses” – While Apple users were not the primary target of viruses for many years because hackers preferred to attack a larger percentage of businesses and personal users, Macs are a target now and they are susceptible to viruses just like their Windows counterparts, including iPhones and iPads.
- “Mobile Phones Can’t Get Infected” – Cell phones are not just phones anymore. Smartphones are portable computers with a phone application, meaning they can get viruses. Mobile devices (phones and tablets) are prime carriers of malware because most people don’t think they can be infected. In fact, cybercriminals commonly exploit smartphones that haven’t been updated. [Kaspersky Lab]
- “We’re Not Online” – While this excuse isn’t heard as much as it was years ago, it is still worth responding to because you can be attacked unwittingly via an employee’s personal or company-owned mobile device, or an employee can steal data via thumb drives and CDs.
- “I Trust All of My Employees” – So why do you lock your bookkeeper’s office and file cabinets? Trust is good, but don’t treat your digital data differently than you would hard copies of financials. By having the right processes and controls in place, you can minimize the potential of an internal attack. Just having individual login credentials and changing your passwords often is a big enough barrier for most employees.
- “Trust Me, I’d Know If My Computer or Network Has a Virus” – Nearly half of IT professionals don’t know if they have a virus or not because they don’t have the time or tools necessary to monitor their system, so it is unlikely that a non-IT executive would know if the company has a virus.
- “No One Can Make Us Do Cybersecurity” – Technically, no one can make a company protect themselves from a cyber-attack, but the government does require certain businesses to protect their customers (patients) private information. You may be required to follow certain cybersecurity guidelines such as HIPAA for medical providers, FDIC for banks, and PCI compliance for every business that takes credit cards!
Don’t let excuses blind your better judgement. If your information is valuable enough to lock the door at night, do the same with your network online. A good IT firm can help you to determine your current vulnerabilities and potential exposures, develop a defense plan, and work with you to remediate any concerns and to prevent future incidents. For most companies, cybersecurity does not cost millions of dollars.
“An ounce of prevention is worth a pound of cure.” – Benjamin Franklin