For years, business owners and upper management left technology-related issues up to their IT team or provider. But because of increased threats, leadership’s role in cybersecurity has changed. Cybersecurity is no longer just an IT matter, but a CEO and board-level risk that must be managed.
Stats That Will Send Shivers Down a Business Owner’s Spine
- The average cost of a data breach for a small or medium business is $101,000 according to a study by Kaspersky.
- Smaller organizations suffer higher data breach costs per employee ($3,533) than larger ones ($204).
- A U.S. business falls victim to a ransomware attack every 11 seconds.
- 43% of all cyberattacks are aimed at SMBs, according to this report.
There’s a lot at stake for business owners, which is why they, along with their management team, must take a more active role in decisions that affect the very livelihood of their companies. They are accountable for their organization’s well-being and performance. Customers and vendors expect the companies they do business with to be good stewards of their private information. A breach will lead to mistrust and could result in hefty fines and/or lawsuits.
5 Cybersecurity Mistakes Business Leaders Make
Not fostering a security-first culture within their company
Cybersecurity starts at the top. Business leaders are responsible for setting the tone of the company by establishing priorities and ensuring adherence to them. They have the opportunity to positively influence every team member. Equifax’s massive data breach in 2017 is an example of a poor cybersecurity culture. Criminals gained access to sensitive information – including social security numbers, birth dates and private addresses – of 145 million people. The CEO at the time of the breach attempted to deflect blame by pointing the finger at a software provider and then at an IT technician. His poor handling of the incident didn’t bode well for him. He “retired” shortly after the breach became public knowledge.
Thinking that security is just an IT problem
Cybersecurity is everyone’s job, especially the senior leaders. By working collaboratively with their IT team, they put themselves in the position to better understand possible threats, how to defend against them and actions to take when an attack occurs. Leaders should come to the table with security experts and ask questions. Not taking the time to gain a basic understanding of cybersecurity hinders decision-makers from mitigating risks to the business. A subgroup of the National Institute of Standards and Technology (NIST) published a handy guidebook outlining practical things each person within an organization can do to protect the company based on their role.
Thinking that their business is too small to be a target for cybercriminals
Study after study confirms that small businesses are not immune to crippling attacks. See stats above. It’s not a matter of if a company will be attacked, but when. By understanding the threat landscape, business leaders can prepare for an attack and take the necessary steps to lessen the severity of the incident.
Thinking technology tools will solve all their security problems
The right technology can strengthen a company’s security posture, but even the most advanced tools can’t block all threats. Technology is just one part of a three-legged stool with People and Processes being the other two. All the technology in the world won’t stop an employee from clicking on a malicious link in a phishing email. And it won’t prevent an unsuspecting employee in the finance department from being tricked into wiring funds to an account controlled by criminals. Only processes and administrative controls can fend off these types of attacks.
Not investing in appropriate resources to safeguard the organization
Cybersecurity has become more complicated, and firewalls and standard antivirus are simply no longer enough to keep a company’s network and systems secure. As the world has changed and cybercrime has morphed into a $1.5 trillion industry, advanced security tools and solutions are needed to help soften the blow should an attack occur. SMBs are at a clear disadvantage, as most don’t have the resources available to hire a full IT staff with the knowledge and expertise needed to defend against advanced assaults.
Outsourcing security management to a reputable and operationally mature IT firm ensures that a business has experts to help guide upper management in the complicated and ever-changing world of cybersecurity. But beware. Not all managed IT providers are qualified or well-versed in the advanced solutions needed to safeguard against criminals and assist when you are breached.
If you would like to learn more about how MIS Solutions can manage your cybersecurity risks, contact us.