Identifying and reducing the risks of loss from poor to non-existent IT protection
Living in the digital age has allowed us, as small business leaders, to take advantage of many resources that were once available only to larger companies. At the same time, we are able to share more information than ever with the ease of a mouse click and a browser. While there are upsides to all of this, the news brings us all kinds of information about what can go wrong with such great access, such as the Heartbleed virus, which quietly collected information about users. It was as though they had a back door to the information we hold most private.
Another challenge that we face in this age is that of providers who collect all sorts of information about what we do, such as what we search for, what we purchase and where we are, all of which helps to create a digital profile, probably with more information than you have about yourself. If that doesn’t move you, take into consideration that the very company that connects you to the internet – your ISP – has access to the same information.
If that weren’t enough, most people have probably seen scam emails, asking you to update passwords on private accounts, such as your bank account or email accounts, asking for personal information, such as name, social, phone number and other uniquely identifiable information that they can pair with information around the web, perhaps through social networks or background searches. It seems as though there is a new set of these types of emails every day, to the degree that it is, at times, difficult to tell if some requests are made legitimately.
Painfully, the hardest hits may be closest to home: employees and family members who may not be as wary as you are about the dangers on the internet. I couldn’t count the number of times that I walked past my children’s computer, seeing the “updates” icon blinking, knowing that there is some new security patch update that they have been missing, or some virus scan that needs updating. Despite passing on the information “hey – don’t download this, when you see something blinking, do that…” cyber-security isn’t at the top of their minds. Or even at the middle.
Employees, who may be a little more sensitive – they may see that they may truly have something to lose – can inadvertently be the source of a breach, perhaps through using unsecured emails, leaving their computers on/logged in and walking away, logging into a VPN or other company resources through a public internet access point or getting technology stolen. Any of these can leave your organization open to theft on one hand, but liability on the other.
For example, if you are storing proprietary client information that suddenly becomes “public,” your client, shall we say, will have issue with you. Not only that, if you are in violation of any law requiring you to safeguard information, you and your company may face charges. The Bureau of Consumer Protection offers in-depth information on the topic, indicating, “The definition of ‘financial institution’ includes many businesses that may not normally describe themselves that way. In fact, the Rule applies to all businesses, regardless of size, that are ‘significantly engaged’ in providing financial products or services.” Take a look at the article here.
If you tend to be pessimistic, you may feel that it is time to get out your axe and disconnect your life from the internet. Unfortunately, it would be like trying to remove a splinter that has dug itself deeply into the back of your elbow; it would be difficult to see, difficult to access and nearly impossible to remove by yourself. Cutting the cord will probably do more harm than good as it may place your company at a strategic disadvantage and require that you invest more time and money in order to compensate.
If you are more aggressive in nature, you may wish to hire someone or a firm whose job is to safeguard your company’s information and ensure that your company is always in compliance. There is, of course, a cost to this. They will come into your company, audit everything, create a list of deficits, create a plan or list of things you must do to get and stay in compliance – including regular education – and then implement their recommendations, offering to monitor and do regular audits of your company. This may prove necessary and worth it.
Some of us, who tend to be more practical and are at what might be considered lower risk, may wish to look into how we might manage much if not all of our internet security needs in-house. The danger with this, of course, is that since this isn’t your core line of business, a) you may not have enough information to be able to fully protect yourself and your company and b) you will be taking resources away from income opportunities. Security is an operational function, which makes it a cost center. As a business leader, it is essential that costs can demonstrate a return.
If you decide to go the route of doing it yourself, a quick internet search might be a place to get started protecting online privacy. The Bureau of Consumer Protection will also provide some great information on the topic. Be wary of “top ten lists” as they may not be as conclusive as you may require; it is important to educate yourself, regardless of the route you take. This is an important part of safeguarding your company’s operation, no different than protecting yourself and your home from those who would wish harm.
It’s rather brutish out there. Cover yourself. Cover your company. If you plan to build an extraordinary company, you will make the proper investments into ensuring that you don’t ignore risks.
Rick Meekins is the Managing Consultant at Aepiphanni, the trusted advisor for business leaders who are seeking forward-thinking solutions to help them plan for and navigate through the challenges of business growth. Our entrepreneurial multidisciplinary team works with clients to develop differentiating solutions and provide direction focused on lasting, strategic results. We exist to help our clients CREATE | DESIGN | BUILD extraordinary businesses.
Rick Meekins is the Managing Partner at Aepiphanni, a Business Consultancy, an Atlanta, GA based small business consultancy that provides Management Consulting, Implementation and Managed Services to business leaders and entrepreneurs seeking to improve or expand operations.