Do you always wonder why your information technology person drones on and on about cybersecurity while you’re just hoping they don’t notice your eyes starting to glaze over?
As the president of an IT firm, I’ve witnessed this firsthand. But don’t worry, I’ve developed a breakdown of what leaders need to know when it comes to cybersecurity and how you can use it as a real competitive advantage:
Productivity: Many small-business owners, in my experience, envision cybersecurity as a “nice to have” rather than a must. But cybersecurity should be thought of as a form of business continuity. This gives you the upper hand when it comes to production. Prepare for hackers with fail-safes, like image-based backups, so your company is set up to recover from disasters and from misbehaving employees.
Public relations: Not having a real cybersecurity framework can also turn into a PR business killer. Let’s look at this through the eyes of a small-business-level company: Think about how others would perceive your lack of care for their data. To use your cybersecurity as a competitive advantage when it comes to public relations, show your clients how seriously you take the security of their data. And if your competitors’ clients start leaving because of a breach on their end, you will be ready for them.
Gaining and retaining employees: Cybersecurity can help you lock down your most important information not only from evil-doers but also from competitors. For example, if a salesperson leaves your organization and joins a competitor’s, they might try to take your company’s intellectual property along with them. To avoid this, you can implement IT policies, software and configurations. Even if you try to enforce a non-disclosure agreement, having these types of components in place can help supply proof if (or when) malicious activity has occurred.
Getting Started With A Base Framework
As a business leader, it is your responsibility to think about the future, but cybersecurity is changing faster than summer blowing through Chicago. The question has become, “How do you stay ahead of the next wave?” I recommend you start with a base framework.
Start by shoring up the protection for your edge, email and endpoints. When someone wants to add something malicious to your system, they are generally coming in through one of those ways. Ask your IT provider what they are doing to protect each of those areas.
To make their answers a little more palpable, there are a few things you can ask about specifically. For the edge, for example, you might ask about next-generation firewalls or unified threat management devices. And for your endpoints, you can ask for solutions beyond just antivirus software, such as deep learning.
With email, you want tools in place that allow for spam filtering and click protection. Even more importantly, inquire about training for your users. Corporate-sponsored or internal phishing attacks are one example. These attacks allow your company to test its users’ ability to spot a phishing email without actually being attacked.
After you have your ports of entry secure, you should also have a business continuity and disaster recovery plan in place. It’s imperative for every business to have the ability to reverse time (at least with regard to its data). If you don’t have a way to turn back the clock on your entire system quickly and easily, you are just asking to burn money.
To ensure you are not in the burning-money category, consider using an image-based backup that takes hourly snapshots of your system and backs up in two completely separate locations with a different operating system than the one you use every day. A number of companies, my own included, provide this type of service. Viruses spread using the same operating system, so having a different one back up your system is another layer of protection. The devil is in the details, and the details are your people’s time. A backup as described can have you up and working in an hour, whereas a traditional backup would take you at least a week to get your people working again.
Preparing For Challenges Along The Way
However, there are challenges to consider when you implement cybersecurity systems into your company. For example, does your system adhere to compliance laws? Your business might not be under any compliance laws yet, but I believe it’s only a matter of time until it will be.
The General Data Protection Regulation from the EU has already caused a stir in the U.S. In fact, Arizona has already adopted a similar compliance law, and California’s consumer privacy act will go into effect in January 2020, according to CNBC. Considering Arizona’s law includes fines up to $500,000, it could be wise to get out in front of these changes to the law.
Doing so allows you to become the receptacle for all the clients who no longer have a provider because your competitors have been fined to death. Start looking at the National Institute of Standards and Technology Cybersecurity Framework as your advanced cybersecurity framework. Compliance laws will model themselves after this. This standard defines how to protect the access to your data at rest and in motion.
A company’s competitive advantage comes from realizing the time gained for its employees in comparison to the capital investment in cybersecurity. This lines up with one of my favorite old adages, “An ounce of prevention beats a pound of cure.” The companies I have seen be successful in this area know cybersecurity is not a “nice to have” but a must.
Additionally, when budgeting, IT infrastructure and cybersecurity should be seen as two separate line items. It is true they work together for your business, but IT infrastructure is for operating and cybersecurity is for protecting. They have completely different goals, like gas and brake pedals.