10 Steps You Can Take to Protect Your Business From Cybercriminals
- Sep 09, 2019
Thousands of companies are under siege by cybercriminals. Why are these problems getting worse? Why aren’t authorities catching these people? What can you do to protect your business from these attacks?
Brian Gill came on the latest episode of The Continuity Forecast to address these questions and more. He’s a computer scientist and entrepreneur who has spent the last 16 years helping dig businesses out of data-related disasters… and prevent them in the first place. Brian is the Chairman of Gillware, a firm that provides data recovery, incident response, and risk assessment services.
You can listen to the podcast on iTunes or by using the player below.
What does Gillware do?
For the last 15 years they’ve basically been helping people out of jams.
They started by focusing on data incidents related to equipment failures or human errors. Maybe the business lost a lot of data because a hard drive started clicking or files were accidentally deleted. That evolved into Gillware adding backup services to their toolkit.
Then, about 4 years ago, they founded a digital forensics, incident response, and risk assessment services company. That was around the time that we started seeing a lot of these ransomware events. People were finding their way into data-related jams because cybercriminals were hacking their networks and wreaking havoc. Today, Gillware helps organizations respond to those breaches and prevent future disasters.
Oh, and one more thing. Mostly because it’s probably the most surprising thing you’ll learn all day.
When Gillware is working with clients, they’ll attempt to recover the data. But if they can’t, they will work with the criminals themselves to negotiate and obtain encryption keys.
You’re probably wondering what that’s like. And here’s where you’ll be surprised. Brian said that, while still criminals, they’re actually very pleasant, professional, and responsive.
So, why are these data breach problems getting worse?
Well, there are two primary reasons.
First, there’s lots of new technology that makes it easy for the bad guys to quickly encrypt an entire network. In fact, a network can be penetrated and turned into hundreds of thousands of dollars in as little as 48 hours.
These criminals have made billions of dollars over the last few years. While we initially created this technology to protect our data, unfortunately these criminals are using it for other purposes.
Second, executives and board members are not budgeting properly for data security in their organizations. A lot of businesses have increased their IT spending by 5% or 10% over the last five years. But the threats, and the ramifications of these breaches, have increased exponentially in the last five years. They’re just not taking these threats seriously.
So, what can you do to protect your business?
What steps can we take to defend against these attacks?
Well, it starts with you. And other leaders in your business.
Executives, board members, and other leaders need to get serious. They need to buy in. Leadership has to be committed to securing the business and protecting clients. So, if you’re bought in, here are 9 steps you can take to start protecting your business from these attacks.
1: It’s hard to protect stuff if you don’t know what stuff you have. So, develop an asset management strategy.
2: Everyone knows when Apple releases a new security patch. But some of us work for organizations with computers that are running months or years behind on patches. Put in place a patch management strategy.
3: Think about protecting your people. Focus on things like social engineering training and good password management habits.
4: Do you have a company firewall with at least two-factor authentication? Make sure you’re investing in your equipment.
5: Think about email security. Are you subscribed to all the blacklists you can?
6: If you have 100+ employees, think about hiring a network monitoring service.
7: Do you have cyber liability insurance coverage? If so, how much do you have? What exactly does it cover?
8: Develop a comprehensive disaster recovery plan. And it shouldn’t be 400 pages. It should be about 2 so that it can be executed successfully during an attack.
9: Keep an incident response company on retainer so you’re not shopping for one in the heat of the moment.
10: Really invest in protecting your business. Whatever you spent last year, don’t just raise it by 10%. You need to triple it. That may seem like a stretch. But it all goes back to getting serious. 10% isn’t serious.
Cybercriminals might be pleasant and professional. But they’re still criminals.
And unless you get serious about protecting your business, you’re still at risk.
This blog post was taken from The Continuity Forecast podcast. We know business never stops. Check us out, and leave us a review!