This series of posts started as an outline for a short presentation on Cybersecurity for small businesses that I would eventually give multiple times over a couple of years in the northeast Ohio area. At the time, I was advised to be hard on the listeners, effectively an attempt to scare them into action. I’m no longer certain that was the right approach and future versions of this presentation would rely more on persuasion and story-telling than on fear.
The news around Cybersecurity can be quite frightening. The odds vary depending on what you read, but most of the news seems to agree that it’s not if you’ll be compromised but when. And for many companies, the attacker is already in our network, on our devices, reading our emails, reading our files and looking for the right time to spring the trap.
I used to think that attackers favored large companies for the same reason that thieves target banks: because that’s where the money is.1 But that’s not the case with cyberattacks. Certainly bigger companies receive more attacks that are longer sustained and more sophisticated, but smaller companies are at risk, too. So don’t think you’ll be ignored because of your size. In fact, there may be evidence that attackers target smaller companies because they frequently have less cybersecurity awareness and less cybersecurity budget than larger companies, possibly making it easier for the attackers to succeed.
The costs of a cybersecurity attack can be large and may be different than expected. There may be a ransom demand, and if you choose to pay it, there’s no guarantee that you’ll get all your data back. There may be reputational impact. You may not be able to process orders for an extended period of time. You may experience staff burnout as they fight off the attackers and restore operations. You may lose funds from bank accounts. Some companies struggle to recover and close shop.
I want to cover six solid steps that will make it harder for attackers to get in and will make it easier for you to recover when they do. Because it’s likely not a matter of if you’ll be compromised, but when you’ll be compromised.
The series:
- Introduction (this post)
- Make it Harder
- Make Friends
- Find a Leader (Champion)
- Develop a Plan
- Practice the Plan
- Keep Current
- It’s been said that famed bank robber Willie Sutton made this statement, but that claim doesn’t appear to be valid. This doesn’t stop the statement from being true, however. ↩
