Here’s the situation: your company is experiencing significant growth. You’re about to lead your firm and your workers to the step that will get all of you to the next level. But before you do, one of your workers encounters some ransomware and opens a data breach that compromises your cybersecurity.
What could you have done to make sure this never happened?
We were recently fortunate to have Joy Beland, the President of Pink Hat Technology Management, on the P.I.C.N.I.C. Podcast to discuss this very issue. Hers is a game plan that starts with the human element in mind.
The Chair, Not the Screen
To protect your company more efficiently from cybersecurity threats, you’ll first have to undo your presuppositions about where those issues arise. In Joy’s experience as a technology consultant, she has noticed it’s not specifically the software or security program at the root of the problem.
It’s the people sitting in the chair.
Workers, from new-hires to executives, tend to lack the requisite knowledge of cyber threats to keep company and personal data safe from attack. To combat this, Joy suggests “Culture Reboots,” or mandatory, in-person training for every employee.
During her culture reboot sessions, Joy observes again and again the same pattern. “Executives sit there,” she says, “watch [the training], and they say, ‘Man, my staff doesn’t know nearly as much as I thought they would in protecting themselves.’”
More than a third of the workers in these culture reboots, despite claiming to know the basics of internet safety, will have ended up clicking on something hazardous by the end of training. And that’s the entire point of these culture reboots: to highlight for executives where cybersecurity issues arise, and to get trainees back to the basics.
Rooting Out Threats
If knowing how threats become full-on attacks is the first step, then learning to identify internet pitfalls is the next. By far the most common form of breach is via ransomware, which hackers use to steal company—or personal—data and sell it back to victims for a price.
But some hackers have a different option for buyers if they know where to look, and most people don’t have a clue what it even is: the Dark Web.
Functionally, the Dark Web consists of those sites which major search engines and browsers don’t index. The sites require specific equipment to access, and entire markets exist there just to trade data stolen via ransomware. And sometimes, foreign nations (“Bad actor countries,” in Joy’s words) take part in these trades to undermine other economies.
Understanding where threats are coming from will allow you and your company to target your security efforts more effectively and keep your data safe.
What About Small Business?
Large businesses typically have the budgeting necessary to tackle most cybersecurity threats, including those stemming from the Dark Web and bad actor countries. However, their smaller, more local counterparts often lack the capital to invest in protecting their information.
In digital terms, this creates something of a “cyber poverty line,” where a lack of security puts small businesses at significant risk for cybercrime.
And the ramifications for falling victim to cybersecurity breaches can be severe. Company downtime and loss of revenue would only be the beginning of your problems.
But why should small businesses worry? Joy puts it bluntly, “They think to themselves, ‘None of the data we have is something anybody would want, and what they’re not realizing is it doesn’t matter if other people want your data; it only matters if you want your data. Because it’s valuable to you, you’ll pay it back.
It pays to know the ins and outs of cybersecurity, from empowering your employees (at all levels) to recognize threats and deal with them accordingly to understanding the deeper motivations behind those who would seize your data for profit.
There’s a human element to both sides of the issue, and understanding both will keep you and your company all the safer.