These days we are are all very busy in our day to day lives; working 8+ hours a day, kids, personal development and so much more.
As we go about our daily lives technology is helping us become more productive and successful. There are cloud services, mobile apps, online services and more all created to help us with our business and personal lives.
But what most of us are unaware of is that as we use more of these tools we may be creating vulnerabilities for our business and personal life?
As I study cybersecurity there are a couple of facts that have really struck me: “Software is Hackable” and “Being Connected is Vulnerable”
When you become more successful you will start using new technologies to grow your business. This might be accounting, scheduling, project planning, productivity, marketing, data storage and more. What I’ve found with entrepreneurs is that security is one of those areas that is a second thought when running day to day operations. It needs to be an on-going discussion from start to end.
Think of it as a two sided coin: as you grow your business you also have to protect your business.
Here are some areas of discussion points you should be working on:
1) Are all your systems backed up in multiple locations?
Most of us think of cloud services, social media sites and other services as being safe and secure. But the truth is they can go down as well. Remember “Software is hackable” and “Being connected is vulnerable”. No one service is 100% secure. They do their best to be proactive to security threats but it doesn’t mean it wouldn’t happen. These companies have set up systems to recover as quick as possible if they do get compromised. Which means the possibility of your data being compromised is a possibility. You need to take the steps to have your own security systems in place.
2) How quickly can you recover from a security breach?
Here is one area that has to be considered. We are all susceptible to security intrusions, don’t ever assume you are 100% secure. Hackers are working overtime to compromise company’s software solutions. Some companies are very aware of this and have actually systems in place to pay ethical hackers who find compromises in their systems to pre-empt malicious intrusions.
This is why you need to have your own back up solutions in place to be able to recover if ever your main system gets compromised. Also test it on a regular schedule to make sure it recovers properly.
I have seen people store data on a external hard drives and leave it in a drawer and much later try to boot it up only to have it not start. They need those files A.S.A.P. and now they are not able to get access to it. Yes there are data recover solutions and companies out there that charge a few hundred dollars to recover the drive. But now you’re back up solution is not as efficient and cost effective as it should be.
That is why you need to have a back up strategy and test it on a regular schedule.
Also have your essential data backed up in 3 different locations, for example:
1) Cloud services like DropBox, Google Drive, Back Blaze.
2) Local back up like an external hard drive at the office.
3) Off site location just in case there is fire, break in…etc at your office.
This way you know at any point and time if one or two of your back up systems go down you are always able to recover.
3) Have you done a risk assessment?
Doing a risk assessment on your business is important and should be done on an annual basis. As your business grows and new systems are put in place you need to assess the possible risk of each as well as the potential cost. The costs I’m referring to are the costs in damages as well the cost to maintain your security systems.
This is what you have to do a
– Asset cost evaluation, quantitative and qualitative
– SLE – “Single Lost Expectancy”: If a comprise did happen what would the cost be of that loss. You might have to do some research on this or estimate because it’s a qualitative amount which is subjective to the loss amount.
– ALE – “Annual Loss Expectancy”: which is the cost annually for the expected loss
– ARO – “Annual Rate of Occurrence”: this is the likelihood of an event occurring
– MTTR – “Mean Time To Restore”: how quickly and how much it would cost to recover from a loss
Use this information to figure out how much the loss will cost you and compare it to the cost of the security measures you need to put in place. Then decide: do you avoid the risk; do you transfer the risk to someone else; do you mitigate the risk by putting security measures in place; do you implement deterrence by letting people know you have security measures in place; or do you just accept the risks as it’s not worth implementing security measures because the security systems cost more then the value of the data.
I know this can be overwhelming if you don’t know what to do and I have provided a lot of information. Please make sure this is a discussion you have and don’t procrastinate when it comes to your security systems. I want to make sure you’re not one of the people I hear about that wishes they would have protected themselves before they were compromised.
Remember: “Software is Hackable” and “Being Connected is Vulnerable“
If you have any questions you can check out https://knssconsulting.com/cybersecuritysupport/
Brandon Krieger
