It's Over! Nope, Not Really...

November signals many things: Thanksgiving, the beginning of the "Holiday Season," and the halfway mark of the fourth quarter (just to name a few). It also means the end of October and the end of Cybersecurity Awareness Month, and y'all really missed the boat.

I did a public presentation recently (link coming soon) and I also hosted a panel discussion, both called "Stop Being Cyber Stupid." Good News! As a company, Advantage Industries upgraded many of our clients to the latest cyber platform we developed and we are consistently bringing on new customers with this program. But there are still THOUSANDS of small to mid-size companies in the Mid-Atlantic area that have done NOTHING to enhance their cyber security.

HERE'S THE PROBLEM

Many of you are thinking "I have an outsourced IT partner" or "I have internal IT staff" or, worse, "I have a guy." By this one, I mean you have an outside consultant who runs to fix things when they are broken or installs a new computer for you when you need it. Unfortunately, none of these are equipped to protect you properly. None of them (OK, not literally none, but about 95%, so odds are you are not in that 5%). Let's break these three down.

1) "I have an outsourced IT partner." This one is a very common problem because most IT companies will only make sure your operating system is updated on all devices. They usually set up anti-malware and anti-virus, they probably (though not always) set up and maintain a firewall, and sometimes (but less than half the time) they set up and regularly test a backup solution for you. Beyond that, it is "hey, call us when you need help." This is a real problem because there is very little here that is proactively protecting your business and your data.

2) "I have internal IT staff." First, you are probably not giving them enough resources (financial or otherwise). Second, this person or this team is busy with the day-to-day tactical work of running the technology of your business. They have little to no time to strategically plan for your business and make sure the technology scales appropriately.

3) "I have a guy." This is the worst one. I have never seen a solo practitioner on top of their game. What I do see when I meet their clients is missing firewalls, no VPN, computers running outdated operating systems, even SERVERS running outdated operating systems. They buy cheap machines running different operating systems with different patching and update requirements, and the list goes on and on.

SO ASK YOURSELF THIS

When was the last time any of these recommended an independent third-party cybersecurity audit based on a compliance model like HIPAA, PCI, NIST, GDPR or CMMC for your business? Most of you will answer "never" (probably over 80% of you); a much smaller percentage will say "in the last 36 months."

QUESTION NUMBER TWO

Did you do it? Did you hire someone to audit your business? Most of you are saying "no" because "it is too expensive." For the handful of you that did pay for the audit, how much time and money did you then put into implementing the recommended changes, or "remediation"? The answer to this one is usually "not enough."

ONE FINAL QUESTION:

Let's say for a moment your business does $4 million a year in annual revenue (scale up or down the dollars based on your business). That means your company earns approximately $333,000.00 a month, which is roughly $2,100.00 per hour (based on a typical month having 4 weeks and a typical work week being 40 hours). Here's the question. How many hours can you afford to be offline because of a ransomware attack or other hack?

OK, I DO HAVE A COUPLE MORE QUESTIONS

Do you have cyber insurance (most of you will tell me no)? For those that do, when was the last time your IT team or person looked at it to make sure you are following all of the requirements? Because if you haven't, your claim most likely won't be covered. Last question: how much money do you have in cash reserves to sustain your business, either to pay a ransom or to survive through remediation of a hack? Do a quick internet search and you will see the average cost to the business is $1.85 million for a ransomware attack.

ARE YOU CONCERNED? GOOD! YOU SHOULD BE.

I realize this is a lot to take in. Don't be overwhelmed. We created a simple and anonymous quiz you can take online to see where you stand. Once that is done you can schedule a review of your results with one of our engineers at [email protected]

Our solutions are S.A.F.E.: Simple, Affordable, Flexible, Effective

Nobody does what we do, the way we do it, for the price we offer. Thank you for taking the time to read this. We look forward to working with you.

Tasha Cornish

Association Leader | Cybersecurity Evangelist | Community Builder

2 years

So true. We know that fear tactics aren't the best motivators for behavior change, but the effects are terrifying -- it's no coincidence that Cybersecurity Awareness Month ends with Halloween, followed by Día de los Muertos. Is it enough to empower businesses to protect themselves to preserve profits, reputation, etc.? How many examples do they need before they believe it can happen to them?

Stephanie Kochis

I track finances for small businesses so that they can grow and become more profitable. | Virtual Bookkeeper

2 years

Very comprehensive article, Mike. You bring up a lot of very valid points.

Susan I. Wranik

Author, speaker, medical professional. Giving voice to your voice.

2 years

Clear. Concise. Compelling, Mike Shelah. Sitting up! Took notice. The time to fix is before there's a problem.

Joseph Brunsman

Public Speaker | Best-Selling Author | I obsess over Tech E&O, Cyber Insurance, and Cybersecurity Law

2 years

Well said Mike Shelah! Hopefully businesses learn to embrace cybersecurity the easy way; and not the hard, painful, much more expensive way!

Dr. Charlene Coon

10K followers - 25+ years experience. VP Pentagon Cyber, Inc.(HQ US), a SDVOSB, CAGE Code 98A42; President of World Business Development Association (HQ MZ); and Pentagon Cyber, Ltd. (HQ MZ) | FBI

2 years

A true picture of the state of things, unfortunately. I love the companies that are stepping up! As technology, interconnected dependencies, and automation advance, the need to be more vigilant is a must or you will find yourself out of business. Do you still use a horse and wagon? No. Ask yourself why? Times have changed drastically. Find a friend in cybersecurity before it is too late. Sounds like Mike might be that friend trying to save your business. You know, like that friend in high school that told you not to date a certain person, but you did not listen?
