Cyber security mistakes you might be making

In a business world that depends upon computers, the news can be scary.

In September, Equifax reported that 143 million people might have had their personal data exposed because of computer hackers.

That story got a lot of attention, but it wasn’t the only sobering cyber news.

Also in September, researchers from Symantec, a security company, found evidence that hundreds of power grid sites in the United States, Turkey and Switzerland had been hit in a hacking campaign. In June, ransomware attacks hit major global firms from British advertising agency WPP to FedEx.

With that in mind, Crossroads Business Journal asked some local tech companies for advice on keeping companies safe.

What’s the biggest mistake leaders of companies and organizations make when it comes to cybersecurity?

“Relying on perimeter protection, antivirus and other cyber products. Also, organizations should not treat cybersecurity as the sole responsibility of the IT group. Technology will always be part of the solution, but a comprehensive data governance policy with a cybersecurity plan should be in place that emphasizes responsibility and duties from the top C-level executive down to the most entry-level position.”

What’s your best piece of advice for people in those roles as they guard the safety of their digital assets?

“Align your corporate cybersecurity policy with your business goals. If you keep your security decisions and overall business goals aligned, you can position the company’s policies as a business generator and not an expense. Also, data and information are a company’s most valuable assets. People, though, represent the largest security vulnerability vector. Don’t neglect the investment necessary to keep employees engaged and aware of cybersecurity best practices. …”

— Chris Smith and Rob Mayo, technical directors, and Amy Johnson, executive director of business development, B&D Consulting Inc., Hagerstown

Biggest mistake?

“‘It will never happen to me.’ GDC IT Solutions sees leaders of companies and organizations make this very mistake when it comes to cybersecurity. ‘I am not a target of hackers or cyber terrorists.’ When you do not think you are a target, you do not fortify your IT environment. This is when your company and its data are the most vulnerable. Repeatedly, leaders of companies assume no one is after their data so they simply employ anti-virus software rather than putting a comprehensive IT security plan in place with strong firewalls, anti-virus, anti-malware and reliable data backups. To secure your business data and networks, a business needs a comprehensive plan in place that addresses the multiple intrusion points that hackers can access, and for the worst-case scenarios, you need to have a reliable backup solution for data recovery.”

Best piece of advice?

“Your company’s data is one of the most important assets that you have and it needs to be protected as such. Cybersecurity and IT need to be seen as an asset and not as an expense, as viewed by many leaders. Technology is what drives organizations forward, and a data breach can bring even the largest Fortune 500 companies to a grinding halt, costing them an exorbitant amount of revenue, and in many cases the trust of their customers. … Our best advice to those in leadership roles as they guard the safety of their digital assets is simple: Protect your business with a comprehensive IT security and data recovery plan. If you do not have the resources in-house or expertise to protect your data, work with an IT service provider like GDC IT Solutions to develop and implement a plan for you. It is the best investment you can make in the safety and security of your business.”

— Mike Shenk, regional account manager for GDC IT Solutions, which is headquartered in Chambersburg, Pa., and also has offices in Mechanicsburg, Pa., Hagerstown, Md., and Appleton, Wis.

Biggest mistake?

“Making assumptions and not getting personally involved are the biggest mistakes that leaders make with regard to cybersecurity. No responsible leader would say, ‘I have no need to review the financials or concern myself with quality management and regulatory compliance; we have people that do all that.’ Yet, that is the attitude that many take towards securing their organization’s critical information, confidential client and employee information, and even access to company assets and resources. … Every single major breach recently has hit companies that have IT departments or are supported by contract IT service providers. Ronald Reagan once wisely said, ‘Trust, but verify.’”

Best piece of advice?

“Never rest! Former FBI Director Robert Mueller said in 2012 that cybersecurity would eclipse terrorism as our greatest threat: ‘We are losing data, we are losing money, we are losing ideas and we are losing innovation. Together we must find a way to stop the bleeding.’

“I would recommend to business leaders that they view cybersecurity as a professional service and then look for the best service provider. Even if you have an IT department, it is beneficial, maybe even critical, to inspect. Another Army axiom that I lived by is: ‘Soldiers do what leaders check.’ Due diligence is your moral obligation. Leaders can and should delegate the work, but they can never delegate responsibility.”

— Randy Ross, security consultant with Advantage Technology, which has offices in Charleston, Morgantown and Shepherdstown, W.Va.