You wouldn’t leave the doors to your business unlocked, would you? Of course you wouldn’t. In the same vein, companies go to great lengths – installing alarms and cameras and hiring security – to ensure their locations are physically secure. Yet too many companies are not giving their data security the same priority as their physical security. They underestimate both their risk of becoming a data breach victim and its consequences to their business.
Every single business, no matter what size, is at risk. It’s usually not a question of if, but when evil hackers will find you. While we’re all aware of the big risks such as breaches, there are a lot of lesser-known threats faced by less mature companies, and it’s important to be willing to learn from other companies’ mistakes when you are crafting your business ecosystem.
Let’s look at five lesser-known impacts of poor security.
1. The risk of personal lawsuits – A company’s board is usually assigned due care responsibilities, and its C-level employees are typically assigned due diligence responsibilities. In the past two years, shareholders and customers have begun suing C-level employees and boards of directors for security negligence. Suits against Yahoo, PayPal and Equifax are great examples of the potential fallout that companies face if the legal, technology, and business teams do not work cohesively together to ensure a 360-degree cybersecurity solution is deployed when managing a breach. Therefore, the CIO and the board members must take an active role in evaluating the company’s cybersecurity measures.
2. Conflating security with IT – Many low-maturity companies think they are dealing with security because they don’t understand that security and IT are not one and the same. Security is a business process and IT is a business service. A surprisingly large number of companies lump these two separate functions together. That’s a problem for a number of reasons, including the fact that many businesses only figure out there’s a difference after a breach. That’s a hard way to learn.
3. Not having a crisis plan – Your company can cause damage beyond the financial effects of the breach by harming its own reputation. If you don’t have a plan in place, you can compound the errors you’ve already made. Target’s breach in 2014 is a good example of this because, in the opinion of many security professionals, its communications to its customers made the situation worse. Figuring out what kind of communication to distribute after the incident has already occurred is not the best approach.
4. Not vetting your suppliers – It’s important to make sure you know your security score. This score is similar to a credit rating, and it indicates how secure your environment is. You should also monitor your suppliers’ scores so you can protect your company from all angles. A supplier weakness is what caused Target’s 2014 breach: the initial intrusion into its system was traced back to network credentials that were stolen from Target’s HVAC subcontractor.
5. Not looking at other companies’ issues – The security world is ever-changing as threats and issues evolve, so a mature company will monitor what’s going on with other companies and will observe how they’ve handled their security problems. It’s important to be aware of new threats, but it’s also important to see how problems are handled, successfully and unsuccessfully, and learn from those situations.
Although there is no “silver bullet” that can protect your business from breaches and cybercrime, putting in place adequate security measures is essential for continuity and stability. Need help? Contact us to help you map out a plan to create a comprehensive business ecosystem.