As we enter a new year, one of the things I remember most about 2018, from a cybersecurity perspective, is the number of reports of cyber-incidents hitting organizations that should have had adequate protections in place.

It was pretty eye-opening as banks, insurance companies and municipalities were succumbing to attack after attack.
This came up as I was sitting down and setting up my children’s new tablets to be managed by my mobile device management (MDM) system.  Let me explain what MDM is.  Many times, we turn on a tablet and go to town.  But in an enterprise, business, or small organization (from 1-500), mobile devices are a massive security problem.  Smaller organizations allow their employees to use their own devices (BYOD, bring your own device) to access company resources like email.  You know email, right? …  That thing our employees use to send contracts, client-specific data to colleagues, or critical company information on … that EMAIL!  Well, that same email, the one with your latest company bank account numbers and sales projections, was lost by your CFO.  Now you can be honest: how many of you have asked your employees if they have lost or decommissioned a mobile device that could have company data on it?  Or worse, how many of you have separated from an employee (voluntarily or involuntarily) but have no idea whether they have any of your organization’s data on their device?

What you don’t know can kill your company!

While I was configuring these tablets to be managed by me, I started to think about how many organizations we work with that don’t take charge of their cybersecurity.  I know, you can’t manage everything, but I realize that solopreneurs and SMBs either turn cybersecurity over completely or choose not to address it at all.  You heard me correctly: even the solopreneur needs to address cybersecurity.  Here’s an example of how a solopreneur can be affected by a cyberbreach:

  1. The solopreneur gets an email they think is from a contact.  They click on the link provided and malicious software is downloaded and installed on their machine.
  2. This malicious software copies their complete contact list.
  3. Within a few days, dozens of your contacts are sent emails, appearing to come from you, that encourage them to follow the link.
  4. Your contacts start sending you emails complaining of the ‘spam’ and you don’t know why.
  5. After several weeks of spam emails, your contacts start to express their frustration and some openly tell you they don’t want to do business with you going forward.

This is a scenario being played out throughout the SMB landscape.  It is even worse for the small business that has a small office and network.  Take the above scenario, but instead the malicious software is ransomware that encrypts all of your shared files and won’t let you get to them without paying a ‘ransom’ in the form of bitcoin.  Every small organization I’ve worked with has at least a shared folder or two that would be susceptible to ransomware.  As you can see, even the solopreneur can be “hacked”.  The simple act of ransomware hitting your network could wipe out years of work.  More important, years of good will and reputation could be wiped out as well.

What can you do TODAY!

What can you do, as a solopreneur or small business owner, today?  OWN IT!
Own your technology and what comes of it.  When you are a solopreneur, you own the laptop or computer you use daily to conduct your business.  But you must own everything else that goes on around it.
You have to own if you open malicious emails.
You have to be proactive in your own cyber-defense.
If you hire an accountant because financials aren’t your forte, hire a cybersecurity expert if cyber-defense isn’t your specialty.
If you hire a lawyer because you aren’t a legal expert, hire a cybersecurity expert to protect your most valuable asset, your business.

And to the small/medium sized organization, IT is not security.
Just like crossing guards aren’t the police.  Yes, they may wear a uniform and many have a badge.  Make no mistake, they are there to help people, but at the end of the day, you want skilled people in skill positions.
The reason I bring this up is that owning and managing information security is a sticking point.  It’s a pain point.  But you have to understand the implications.
In years past, we simply accepted when a virus hit.  Now we know, when a virus or ransomware hits, there is going to be financial fallout.  Loss of clients, loss of reputation, loss of INCOME!
An ounce of prevention is more valuable (and cheaper) than a pound of cure.

Leave your comments below and tell us how you are owning your cybersecurity!