I want you to take a second and imagine the thing you dread the most in the world. The thing that brings you the most anxiety when you know it’s coming up. Everybody has something. Got it? I’ve got odds that you thought of an impending appointment with your doctor or dentist.
There’s just something so nerve-wracking about going to the doctor or dentist because you know that they’re going to tell you something that you don’t like. Maybe you need to exercise more. Maybe you need to change your diet. Maybe you need to get blood drawn. Maybe you need a root canal. The thought of any of these options is enough to send a shiver up your spine. So why don’t we just NOT go?
That’s what a friend of mine calls “avoidance therapy.” The theory is that “what we ignore can’t possibly hurt us.” Of course, you and I both know that’s totally wrong.
Yet so often, much like avoiding the doctor or dentist, we see successful and savvy business owners and officers avoiding the topic of cybersecurity, generally with some ready-made excuses.
“We’re too small.” No, you’re not. Every person and every business is targeted by cybercriminals and the bots they command.
“We don’t have anything a hacker would want.” Yes, you do. Even if you don’t have information, you have an internet-connected machine that a bad guy (of a particular ilk) could employ in his or her quest to breach a bigger fish. That attempted hack of the FBI? It came from YOUR address.
“Cybersecurity costs too much money.” Depending on how you look at it, EVERY insurance policy costs too much money – until something happens. This is no different from insuring your home against a flood, your car against a break-in, or your body against a significant illness. If you DON’T use the insurance, it’s easy to look back and think “wow, I didn’t need to spend all that money.” But the second something happens and the insurance kicks in, you’re glad you have it.
In a past IBS Insider Cybersecurity Briefing, we shared the story of a company that experienced a ransomware attack. The bad guys who were holding the company's network hostage wanted millions of dollars in ransom to return access. The cost to recover the network WITHOUT paying the ransom ended up being several hundred thousand dollars. Yes, less than paying the ransom (and safer) but still a significant amount of money. The company was fortunate for two specific reasons:
- They had SOME safeguards and policies in place so they didn’t lose everything.
- They had cyber insurance to cover most of the cost of recovery.
Had they had NO safeguards and policies in place, it could well have been easier to consider just paying the ransom. (We would never advocate that, however, because then the bad guys know that you WILL pay, so they’ll attack again and again.)
Cybersecurity is a multi-layered approach to keeping you and your business safe from attackers, protected from bad guys, and operational without the threat of ransom. It encompasses everything from password protection (as I go into in my prior post) to firewalls to detecting harmful software (malware) to properly de-authorizing employees who leave – and so much more. It doesn’t have to be expensive – but it DOES need to be planned in light of the risks that are unique to each business.
Often, people avoid the doctor or dentist until their body tells them that something is desperately wrong – at which point it may be too late. When it comes to cybersecurity, waiting until an attack or a breach occurs is ALWAYS too late. And the statistics are sobering. A huge percentage of small businesses are OUT of business within one year of suffering a cyber attack.
That’s a statistic you do not want to be a part of.