The ability to work remotely while achieving the same or even better results and efficiency has become more important than ever. After almost 23 years of servicing different clients globally with IT support, there is one phenomenon that persists in every industry: Having a fancy client-facing office location, an expensive car or an $80,000 countertop can be seen as more important than investing $10,000 to $20,000 in your IT infrastructure, maintaining it and keeping it safe from vulnerabilities, exploits and cybersecurity attacks.
Most small or medium-size businesses that we professional systems consultants encounter justify this mindset with statements like “Nobody is hacking us because we don’t have anything.” They don’t realize that violating PCI, HIPAA or the new IMO2021 compliance can have severe consequences, not only for the corporation but also for the customer whose credentials (personal, Social Security and credit card information) could be stolen under your watch. This leads to liability questions around cybersecurity insurance, third-party claims and, worse, more cyber-crime through the abuse of the information that has been stolen.
The Office of Foreign Assets Control has made it illegal this year to pay criminals ransom in order to regain access to your files encrypted by malware. The projected damage from cyber-crime is at a historic high. In 2020, hacking attacks caused an estimated $6 trillion in damage.
In the past 12 months, Apple, Microsoft, Google, Intuit, Travelex, Cisco and many more companies have experienced security breaches. A major part of these breaches has been malware attacks triggered by employees unknowingly opening infected attachments. How do we counter this situation and strengthen our businesses?
It is essential that your entire IT infrastructure, including your firewalls, routers and access points and not only workstations and servers, has the latest firmware and software upgrades installed to close vulnerabilities and exploits. Each server and workstation needs anti-malware and antivirus software. Remote workers should always keep their mobile devices up-to-date. Also, use VPN software or a VPN connection when connecting from a non-corporate network to do work, and have privacy screens attached to devices when working in public places.
Internet usage and cybersecurity policies need to be created and enforced. Updating and repeating employee training is just as important as keeping your IT infrastructure up-to-date, and this should happen every 14 days to create a healthy and secure working habit. We recently performed a cybersecurity audit of a super-yacht marina that had suffered a cybersecurity breach in August. To our surprise, nothing had been changed for years technology-wise, not even the standard passwords.
In order to minimize the number of vulnerabilities and hacking attacks, corporations need to be held accountable, and compliance needs to be enforced. This can only be done by also adding pressure from the insurance side toward the client. If it cannot be proven that someone is cybersecurity compliant, then that facility, business or yacht should not be insured and will be subject to penalty.
Many smaller companies use “tech guys” from Craigslist to do an IT job because they work for $15-$25 an hour, without vetting them or asking for references or certifications. An IT consultant is not a cybersecurity company, so having your infrastructure set up by an IT company should be followed up with an independent home security company that audits and double-checks the work to make sure security breaches aren’t possible or that the risk is at least reduced to a small percentage.
The cost of implementing cybersecurity is less than the damage done and the data lost to the business if a security breach succeeds and information is taken.