Data security isn’t exactly a fun topic of conversation. It’s usually stories of companies getting hacked, consumer data being stolen and IT companies and security companies like us running around yelling “The sky is falling!”
But, the unfortunate reality is, as a business owner, data security is something you can’t ignore (about that sky…). It doesn’t have to be your main topic of thought, but it needs to be on your radar. PTG CEO Reed Wilson recently participated in a Cyber Security Round Table for GSA Business Report to cover some of the basics you should know.
Q1: What trends in cyber-attacks have you seen in the last two years?
If I had to choose one major trend over the last two years, it would be the rise of ransomware (or crypto) style attacks. Ransomware infects a computer or network by encrypting all of the files and holding them for ‘ransom’, usually paid out via Bitcoin.
These can be especially damaging if an entire network is infected – which means that the systems are completely unusable unless the company can restore from a backup or pays the ransom.
Q2: What is the minimum level of cybersecurity a company should have?
There really isn’t a minimum – but if you only have a limited budget, the place you should spend the most time and money is on employee awareness. Most attacks happen because a user clicks a link they shouldn’t click or opens a file they should not open.
Train your users on what to look for and what to do if they open up a file they should not open. After user awareness, a good firewall, reliable antivirus, and a robust backup system are the next best bets for your budget.
Q3: What are the consequences of not having adequate cyber security measures in place?
There are two factors to take into consideration: hard costs and soft costs.
The hard costs are fairly easy to measure. Symantec Corporation estimates that the average cost of a breach is about $214 per record. On average, this will equal about $7.2 million in hard costs for a company.
Although it is harder to measure, the soft costs can be just as drastic. How much would bad PR and a tarnished brand cost your company?
Q4: What Upstate business sectors are the most at risk for cyber-attacks and why?
No sector is immune from cyber-attacks. However, sectors that have smaller IT budgets (such as SMBs) or have large amounts of PII (personally identifiable information), such as healthcare/finance, are great targets for hackers.
Q5: How does a business know if it is under cyber-attack? What are the early warning signs that a company is under attack?
The cyber security landscape has changed dramatically over the past decade. Previously the bad guys just wanted to spread viruses for the fun of it. Now that data breaches can be monetized, hackers try to stay unnoticed for as long as possible so they can continue to siphon data out of your organization or use your bandwidth to power botnets.
In some cases, an organization may not know they have been breached for months. Things to look for would include slower bandwidth on your network, user accounts that IT did not create, or connections to/from unknown locations in your firewall logs. Again, the goal for the bad guys these days is to make it so that you don’t even know you have had a breach.
Q6: Businesses store data on-site or in the cloud. What are the pros and cons of each storage option in terms of cyber security?
There is no ‘straight answer’ to this question. Typically, cloud storage and cloud services have more robust security measures than the average business can implement. This assumes, of course, that you are working with a reputable cloud vendor such as Microsoft or Amazon.
We typically recommend cloud-based systems for this reason – with an important caveat: You are responsible for securing your user accounts. If the vendor supports Dual Factor Authentication, you should implement it and put a strong password policy in place.
Q7: Looking ahead to the next five years, what do you see as being most concerning in cyber security?
The barriers to entry for cyber crooks are dropping dramatically. A bad actor can go and download exploits online for a few hundred dollars and see a huge return on that investment by deploying ransomware-style attacks. I see this only continuing to grow exponentially over the coming years.
I also think that mobile data security is an area where we will continue to see criminals double down. Almost every employee today is a mobile employee, and one of the areas where businesses are not focusing is securing access on mobile devices.