What steps must I take to achieve maximum cybersecurity?
Over $80 billion. That’s the amount companies worldwide spent on cybersecurity hardware, software and services in 2017. This year, that number is expected to increase by nearly 10 percent. And to put that $80 billion in perspective, this dollar amount equals four times what Apple, Microsoft and Facebook spend on R&D in a given year, combined.
Not only is cybersecurity big business and getting bigger; for high net worth individuals and companies of any size, it is no longer an option. Just look at the news. Cyber vulnerability is everywhere: retail chains, credit bureaus, car services, banks, even presidential elections, all hacked and breached.
Our firm takes seriously this new normal in tech security and its threat to our clients—so seriously that we now have dedicated staff and resources focused on protecting our clients from exposures that go well beyond a hacked credit card.
Which brings us to the question: What steps must you take as a business owner and/or executive (not to mention as a member of a high net worth family, a favorite target of hackers) to achieve maximum cybersecurity?
Step One: Cyber-Risk Assessment
As it name implies, a cyber-risk assessment examines your vulnerability to a hack—from your corporate or business office, to your home office, credit cards and, yes, all those smart appliances you now rely on. Until you see where the holes are, the gaps, the weak points—and the human risk factor—you cannot devise a coordinated cyber strategy.
If you choose to do the assessment on your own, you can access resources such as a set of guidelines issued by New York State’s Department of Financial Services. Or, you can engage a firm such as ours that offers a full range of cybersecurity services, including the development of an integrated cybersecurity plan.
Step Two: An Integrated Mitigation Strategy
The next step is to mitigate your cyber vulnerability by patching those holes and strengthening those weaknesses. In the world at large, and for individuals and business, too often cybersecurity is a crazy quilt of firewalls, encryption and other measures that operate independently. We would suggest emulating a movement in Europe toward compliance with the EU-required General Data Protection Regulation.
Simply put, GDPR bundles together all data exposures, from credit cards to healthcare data, and creates an integrated security effort that produces what one might call a “cocoon” of safety around one’s cyber world.
Step Three: Monitoring
The old saying, “Trust, but verify,” applies here. That means making sure your own GDPR actually works. One of our first steps in working with clients on this issue is to see if we can breach their security. To date, we have never not gotten in.
The goal, of course, is to make it almost impossible for us, or anyone else, to get in after the upgrade. This requires two steps. The first is creating a set of guidelines for our client company and its employees on what not to click, if you will. Next comes monitoring of our clients’ day-to-day activities to see if people are following the new rules.
All personnel must carefully follow procedures, and firms like ours can train them for you. After that, if there are employees who do not comply, well, the next step is up to you.
Ultimately, the goal in this process is for you to be a realist about cybersecurity. In short, it is not whether a breach will occur, but when. It is going to happen. Be sure you have an internet response plan. Because, as is true in all of life, you always want to have a plan B.
Sources: Business Insider, NASDAQ