What is your position on cybersecurity in your business? You’ve invested, so you’re protected, right? Your IT team has you covered. Maybe not.
It is probably fair to say that in 2018, Amazon CEO, Jeff Bezos, had a larger IT team at his disposal than is currently in your business. Yet, his phone was hacked.
That incident involved some of the richest men in the world, including a king. It also involved international espionage, a connection to one of the largest newspapers in the United States, and a horrible crime against a journalist.
Most cybersecurity incidents, however, happen at a level relevant to small and medium-sized Oregon businesses. According to research by Accenture, 43 percent of cyberattacks target small businesses.
Looking locally, 131 data breaches were reported to the Oregon Attorney General in the first nine months of 2021. That was up 19 percent from the same period the year before, plus it only accounts for a very specific category of attack, i.e. reported data breaches. There will also be unreported data breaches, as well as other types of cyberattacks, including ransomware attacks. The Attorney General said these other types of attacks have also been reported and that breaches have involved Oregon businesses across all industries.
The Jeff Bezos example shows cybersecurity attacks can happen to anyone, while the stats above show businesses like yours are a target.
It is essential that cybersecurity becomes a top priority in your business. Here is what you need to know as CEO to make that happen.
Cybersecurity is not a technology problem, and it’s not a technology risk. It’s a business problem and a business risk. After all, most cybersecurity breaches are the result of actions by employees. Examples include:
Because cybersecurity impacts and relies on all users, it should not be the sole responsibility of your IT department. Your technical resources will play a major role in helping to protect your systems and data, and there are technology defenses they can put in place, but all these steps can be breached by the actions of employees.
The only way to look at cybersecurity in this increasingly connected world is to attach responsibility across the entire organization. Everyone has a role to play.
As the CEO, you need to lead from the top on cybersecurity issues. The most important aspect of this is to set the tone and outline the high-level expectations. Your aim should be to create a culture where mitigating cybersecurity threats is second nature.
You need to lead by example, too. For example, when was the last time you changed your password? Is the password you are using for critical systems in your business—including your email—a random collection of letters, numbers, phrases, and symbols? Do you use two-factor authentication? These are fundamental and absolutely critical cybersecurity mitigation measures that should be applied across your organization, from your office down.
Some steps you can take include:
Finally, never forget that regardless of the technical mitigation measures you put in place, your organization’s biggest vulnerability is the employee clicking on something they shouldn’t. Your leadership is essential in preventing that click.
Let’s start by saying that your organization should have cyber insurance. However, there is often an over-reliance on cyber insurance, where senior company leaders believe they are covered if their organization is impacted by a cyberattack.
Your goal should instead be to prevent attacks from occurring in the first place. Think of it like health insurance, i.e. just because you have health insurance, doesn’t mean you allow your family to face unnecessary risks. It’s not about getting high-quality medical treatment after something bad happens, paid by your health insurance. Your role is to protect your family from harm in the first place.
In your business, most of the effort, resources, and investment in cybersecurity should be aimed at preventing cyberattacks from occurring. You can do this by:
One of your jobs as CEO is to understand the key points and issues relating to your organization, even though you may not be an expert. For example, you might not be an accountant, but you understand the financials of your company, as well as wider financial topics. You may not know how to operate the machines on your production line, but you have a general overview of the process, and you may not be involved in the detail of your HR department, but you definitely understand the talent acquisition and retention landscape as it applies to your company.
Your level of cybersecurity knowledge should be no different. You don’t need to become an expert, but you should have a solid understanding of the key cybersecurity topics and risks that are relevant to your company.
Obtaining this knowledge may mean reading and other forms of self-directed learning, and it may not be easy. You might even feel a bit silly that you run a successful company but know very little about cybersecurity. However, given the level of risk posed by cybersecurity issues (and how you’ll feel if your company suffers a major breach), staying informed is essential.
Hey, reading this blog is a good start!
The security posture of your company (as described above) is an evolving picture. This is because the threat landscape constantly changes, as does the attack surface of your company (the potential “ins” that an attacker has to your systems or data).
You must stay on top of your company’s security posture, regularly reviewing essential cybersecurity metrics, policies, and procedures, as well as your cyber insurance policy, disaster recovery processes, data backup reliability, and more.
Reviewing your overall security posture is also important in comparing it with previous reviews and targets. This will tell you what further steps you need to take to strengthen defenses and lower risks.
Finally, it is also helpful to get a third-party perspective, including conducting penetration testing to see how your defenses actually hold up in the face of a controlled, but aggressive attack.
Your business will always have competition and it will always have to pay taxes. You will always need talented people on your team, continuous innovation will always be necessary, and cybersecurity threats will always exist. That’s the ongoing cybersecurity reality.
Fronting up is the only viable approach, but there is help and support available. Contact us at StepUP IT Services to discuss cybersecurity in your company and how you can harden your technology and human behavior defenses.
Maybe you think your business is too small for an MSP, but nothing could be further from the truth. MSPs can help companies of all sizes with cloud computing, data storage and security, software and hardware maintenance and upgrades, and much more. Yes, even the smallest small businesses, including those with 50 or fewer users.
Leading an IT team is a tough, multi-faceted job, and no one understands that better than an MSP (managed services provider). An MSP is a tech partner that works with you to handle everyday IT tasks and can help you ensure that the changing nature of technology doesn’t leave your business behind.
Whether you’ve got 10 or 100 employees, a managed services provider can keep your IT on track and your business running smoothly. Even companies in the 250-300 user range, just toeing the line into enterprise-level tech solutions, can enjoy all the benefits of an MSP.
An IT generalist is a jack-of-all-trades. They’re by your side every day to manage your help desk, support your staff’s IT needs, deliver service and maintenance, and be network administrators who ensure everything is working as intended. On the other hand, an IT specialist works on more complex technology issues, such as projects and escalations. IT specialists also often take on the role of solutions architects.
Getting your outsourced IT services from an IT Services company seems like an obvious choice. You have someone you can call when things go sideways to help you get your technology back up and running. An MSP, or managed service provider, is a type of outsourced IT, but not all outsourced IT companies are MSPs. We’re going to break down the differences even further.
Between inflation, supply chain interruptions, and the looming possibility of yet another recession, it can be difficult for business leaders to chart the best course of action to keep themselves not just solvent, but thriving and growing in the face of such economic uncertainty. One way that businesses can make themselves more recession-proof is by having a solid IT structure in place, including software, hardware, security, data storage, and IT experts, to help everything run efficiently and effectively
Many businesses are turning to outside IT professionals to help them optimize their operations and keep their technology running smoothly and efficiently through strategic planning. A vCIO, or virtual Chief Information Officer, can be the key to streamlining IT functionality for your business.
There are outsourced IT services, and then there are MSPs—managed service providers. Managed service providers are outsourced IT companies, but not all outsourced IT companies are MSPs. Managed service providers are local businesses and, more importantly, local to your business.
Onboarding new staff members can be both exciting and nerve-wracking. While it symbolizes growth and new opportunities for your organization, it’s crucial to implement the necessary measures to guarantee a secure and seamless integration.
Since 2001, StepUP IT Services has been helping businesses in Eugene and throughout Oregon with their technology needs. We are your IT partner. We manage and maintain your technology, empowering your organization to reach its goals. Making you happy is what makes us happy.
228 Grimes St. Eugene, OR 97402
Proud member of the
Business Hours: Monday – Friday 7am-5pm PST
Contact us by phone at (541) 683-5000 for afterhours support.
Office closed for New Year’s, Memorial Day, Independence Day, Labor day, Thanksgiving, and Christmas
© 2021-2023 All rights reserved
