Two of the biggest topics of discussion for business leaders these days are data and cybersecurity, especially since by mid-2019, California had experienced more data breaches than any other state in the past decade. Cybersecurity measures are offered everywhere in response to the onslaught of attacks and executives now regularly prepare for major crises. In the meantime, the California Consumer Privacy Act (CCPA) has forced business owners throughout the state to look at how they are protecting and using their customer data. For 2020, all businesses are expected to review how they are protecting their customer data at rest and in transit, offering data transparency and availability to their customers, and securing their data and network from outside threats.
PROBLEM NOT SOLVED
Knowing that the estimated average cost of a data breach is $3.92 million and that hackers attack every 39 seconds, on average 2,244 times a day, has still not motivated companies to take the proper precautions. Even with all the solutions available, companies will most likely fail to update their security measures to current standards. They will have minimal or ineffective measures in place to protect their data and comply with state law.
But what if, the problem is too complicated or you’re fearful of getting started? What if you are a procrastinator, a worry-wart, financially strapped, a gambler or simply derive pleasure from pain? Do you still have to do it?
Of course, the answer is still yes and for one simple reason, falling victim to a cyber-attack is only a matter of time. Obi-Wan Kenobi said it best when he quipped: “In my experience there’s no such thing as luck.”
Take for example Wood Ranch Medical (WRM) in Simi Valley California. On September 18, 2019, WRM was the victim of a ransomware attack that resulted in its patients’ personal healthcare information being encrypted. The incident scrambled their servers, containing all patient electronic health records, as well as, their backup hard drives. The result prevented 5,835 patients from accessing any of their medical records. The impact was so severe, to the extent of permanently encrypting files making recovery impossible, that WRM issued a press release a month later announcing permanent closure. While extreme, this example illustrates the catastrophic consequences that can occur if a company doesn’t have a plan for ransomware attacks. If WRM had implemented cybersecurity best-practices, as well as a proper and tested disaster recover strategy, they most likely would still be in business.
The good news is that the CCPA is a helpful first step in encouraging California businesses to seriously look at how they are protecting themselves and their customer data. The better news is, it’s easy to implement basic cybersecurity measures that thwart outside criminals from breaching databases.
Don’t overcomplicate cybersecurity. Think of it as an essential part of your business, like office rent, Internet services or workers’ compensation insurance. Put the technology in place to protect your company and educate yourself about best practices and common pitfalls. Your goal is to understand and manage your business’s risks, relative to data that is in your possession. Also, know who to ask to identify and protect vital data and technology assets and how to detect, respond to and recover from a cybersecurity incident. The low-hanging fruits are email threat protection including anti-spam and anti-phishing technologies, as well, managed antivirus and multi-factor authentication. Most of your risks will be mitigated with these steps. What companies should also consider are a reliable disaster recovery strategy and real-time monitoring of their infrastructure, security and endpoints.
To reiterate, there are several options for you. If it is still overwhelming, there are companies that can manage all your compliance and security requirements. They will typically provide you with a complimentary s ss ecurity assessment, and remedy report, then offer you solutions that vary in price and effectiveness. There is no need to fear a shattering attack. You can be certain, within a short period of time, that your company is protected. All you must do is get going.
“Do. Or do not. There is no try.” — Yoda
Chant Vartanian is the Founder, Chairman and CSO of M-Theory Group, a managed services, cloud and security company. Learn more at mtheorygroup.com.
For reprint and licensing requests for this article, CLICK HERE.