New Year’s Resolution for Your Company: Cybersecurity

The new year typically brings thoughts of improving one’s life, whether through diet, exercise, reevaluating priorities or some other self-help trend of the day. That’s wonderful, and more power to you — I hope your resolution sticks.

But while you do that, take a look at ways of improving your company and protecting your business. One that is way too often overlooked or ignored is cybersecurity. Our friends at Cybersecurity Executive Forum have published the following article and are available to be a resource for you in thwarting the inevitable threat of hackers and data miners.

Layne Bradley, Mal Bass and their team have developed a program to prepare business owners and CEO’s to lead their own cybersecurity programs, prevent cyber attacks and to effectively respond in the event of a data breach. Contact K&A for more info.

---

Cybersecurity is a Critical Business Issue

Written by Layne Bradley, Co-Founder, Cybersecurity Executive Forum

Owning or running a business as President has always been a daunting task. The number of activities, issues and challenges that must be dealt with daily can be overwhelming. Today, Owners and Presidents have a challenge to deal with that can affect the actual survivability of the business-cybersecurity.

For many of those running companies, cybersecurity is completely foreign. They know it is serious and they know that companies continue to experience breaches that result in loss of money, customer data and customer confidence that can have very serious consequences-even to the point of the company ceasing to exist. But, beyond that, they know very little about it, do not know how to learn more about it and do not have the resources, either finances or people, that can help them to understand it and learn how to protect their company.

Consider these facts:

1. In 2019, there were a reported 1,473 cyber breaches in the United States, with 164.68 million sensitive records exposed.
2. During the first half of 2020, there have been 540 reported breaches.

The FBI states “it is not if you will be breached, it is a matter of when you will be breached.”

Notice the word reported. There are many unreported breaches that occur. Companies are reluctant to let it be known they have been breached because of the impact it may have on their customers, and the potential loss of revenue as a result. I have spoken personally to a number of bankers, and they told me they are constantly being attacked every day and have to work hard to prevent a breach.

Even if you have your company well-protected from a potential breach, it is still not safe. A successful, high tech company in Australia, that was responsible for protecting its customer’s data, was breached by a simple technique known as social engineering. It is a term that refers to a hacker dealing with someone in a company to successfully get a password then using it to gain access to the company’s network and data. In the case of the Australian company, the hacker was able to make friends with the number two security individual and gain a password. The hacker, who was not a skilled, technically trained individual, had picked the company at random. Within a week, the company was destroyed financially and had to liquidate. Here is a link to a video where the former President of the company describes his experience. I recommend you view it. https://www.abc2c.com.au/firsthand-account-of-a-cyber-attack

If that can happen to a company that by all accounts had a very strong security program, then it can certainly happen to companies that are completely vulnerable, such as small to medium sized companies often are.

But there are some simple things that companies can do to help reduce their possibility of being breached. Ninety percent of breaches are cause by phishing. That is a simple technique that hackers use. They create a document that contains malware, which is malicious software, such as a computer virus, then send it to many email addresses offering something that is usually too good to be true, such as a special deal on travel. An unwitting employee opens it, and the malware is downloaded into the company computer system, which becomes infected. From there it is relatively easy for the hacker to get to the company’s data and steal whatever they want. Often, the company may not even know immediately it has been breached.

Phishing can be curbed by a company policy that requires that employees do not open any suspicious email attachments, like the one discussed above, and providing training to the employees about phishing. The cost to the company of writing such a policy and providing the training is negligible.

Another way to help make the company more secure involves passwords which is the second way many breaches occur. Many individuals use only a six-character password. It takes a program designed to break passwords only ten minutes to break a six-character password. If the password is an eight-character password, it takes the program six years to break it and if the password is a 12-character password, like mine, it takes 200 years.

By creating a phishing policy and training employees on it and requiring passwords to be at least eight characters and changed regularly, the company has just provided itself strong protection against the two most common techniques used to gain access to company computer systems at negligible cost.