Why Security Won’t be the Reason You Succeed, but may be the Reason You Fail
At Cadre, we like to say that security isn’t the reason your company succeeds, but it could be the reason it fails. There’s a lot at risk when a company fails to implement a thorough and successful security eco-system and some companies will never recover from the devastation of a security breach.
What is the true cost of a security breach? It is more than company data and personal information. The true cost is the business’s reputation and loss of consumer confidence. Both of these determine whether a business can recover.
For instance, a company called MyBizHomepage was once valued at $100 million. The chief executive officer fired the chief technology officer and two other senior officers, who did not agree with the CEO’s business decisions. In retaliation, the trio launched a revenge attack that crippled the site. After spending over $1 million in attempt to resolve the breach, the company’s directors decided to remove the site from the internet because it had been rendered useless.
This doesn’t only happen to big companies. In fact, trustworthy data shows that about 60% of medium-sized businesses will cease operations about two years after a major breach. Now, it’s hard to separate correlation and causation, but clearly, there’s something significant going on for the number to be so high.
So what can you do to ensure your company’s security isn’t the reason you fail?
1. Build a culture of security – Most people believe that only IT people and other employees on the front lines need to know about security. In actuality, you need security awareness for all the different roles in an organization so everyone is aware of the basic risks and can determine whether they are making a risky decision.
2. Enlist a trusted advisor - If you don’t have the resources, consider outsourcing or enlisting a trusted partner for advice.
3. Consider your network security ecosystem – If you’ve set up your security with your business needs in mind, you’re far more likely to have an effective system that doesn’t over- or under-protect your business. If you consider everything as a comprehensive system, things are far less likely to slip through the cracks.
4. Create a crisis plan – Think about how you’re going to react to a breach or a crisis. Consider the following: who in your organization is going to be responsible for creating the plan; who will carry it out; what kind of statements you will need to make; and how to avoid aggravating a sensitive situation once it exists. Thinking about it while you’re in the middle of an emergency may not be the best time to discuss it.
5. Increase security awareness – Often, there’s a poor degree of security awareness at a decision-making level in organizations. Often there’s a misconception that security awareness training or consulting is simply for people that are regular information workers and help desks and it’s not often realized that you need security awareness for all levels in an organization, from the janitor to the C-level. You don’t have to have any technical knowledge to have security awareness; you just need to know where risks can lie and if you’re making a decision that’s risky.
6. Learn from other organizations - Read case studies so you can learn from the mistakes of other corporations and start thinking about how these sort of things develop before it happens in your organization. Listen to and read news about breaches. But remember--breaches we hear about driving to work in the morning are just a small percentage of the actual breaches that are taking place.
7. Realize there’s no human firewall – Humans are easier to hack than computers, which is why most issues are due to human error. Make sure you train your employees to help them avoid mistakes, but realize some mistakes are inevitable. Humans are able to recognize patterns and if we teach humans to recognize con games (and all social engineering attempts are essentially a con game), then their Spidey sense goes off. You can’t teach your employees every potential con but you can teach them to react and report when they recognize a pattern that feels “off” so a crisis can be nipped in the bud.
If you’d like to learn more about how to help your employees detect problematic issues, please check out our training program. If you have questions, you can also send us an email or give us a call. We’re here to help!