So it is groundhog day and predicting the weather aside, we should ask if you or your business experiencing groundhog day again and again. Are you stuck in the same cycle of knowing you have vulnerabilities but afraid to address them? Are you wondering if you put it off one more day that perhaps you won’t be targeted and you won’t be burned by inaction on the security front. As a former colleague used to say, “it’s certainly a technique.” The implication being that while it’s definitely a plan, it’s probably not the best plan.
What can you do? It’s a daunting task, especially if you have never had one done or if it’s been a couple of years since your past assessment. And they cost money. It can be a big expense and what happens if they find something; it could cost more money. Never mind the stats that show approximately a third of customers leave a small business after a breach. It was just revealed that TalkTalk lost over 100,000 customers after their breach. That only represented 3% of their business, but for a business that size, 3% is not a drop in the bucket and it represents what could be the beginning of the downturn. After all, this breach happened only in October. Can you afford the money spent or lost to recover?
Every day attacks are changing and tactics employed by hackers and social engineers are evolving to be more and more dangerous. No longer is it the Nigerian Prince email scam that screams phishing attempt. Rather it’s the extensively detailed email from your bank with some of your personal information on it that wants you to use a secure link to update your account information all the while assuring you that you are protected from scams and hackers. Or maybe it’s already too late and your systems have already been penetrated and are sending reams of information to a competitor.
Whatever the reason, the time to act is now. And it doesn’t have to be something to fear. You may fear the results but you don’t have to fear the process. And we can make the process even easier. Answer 3 simple questions and it will provide you the foundation for a more detailed assessment.
- Is security a focus within your organization? Look around the office or walk down the hall. Do you see security reminders on the walls or doors? (I guess this turns 3 simple questions into 4)
- Do you conduct regular security training? Regular should be consistent quarterly or semi-annual training at a minimum. It can be in a classroom environment or online.
- Do you have established security policies?
If you answered “NO” to all of these then you should not wait any longer.
If you answered “NO” to any of these, it is indicative that you are aware as an organization but you still have some significant holes to fill. There may be even more holes that you don’t know about. We would recommend an assessment sooner rather than later.
If you answered “YES” to all of these, then you should be applauded to taking a pro-active approach to security and having the right mindset. However, with the types of attacks changing daily, we still recommend assessments conducted annually at a minimum.
Quick and easy. Think about those questions and decide if you have time to go through one more groundhog day.