While there are many issues that an effective cybersecurity program should address, there are three glaring weaknesses around this issue that all NJ business owners should be aware of.
THREAT #1: Entrusting IT security management to a single employee.
Sure, your brother-in-law or college buddy has it all under control, right? Or perhaps you think having one IT person to take care of all IT functions at your business is sufficient. What could possibly go wrong?
Keeping your IT systems running smoothly and securely involves simply too many tasks and functions for any one person to manage, no matter how trustworthy or how knowledgeable.
From critical support issues causing expensive downtime, to security vulnerabilities, to deploying new systems and training, not to mention proper IT planning, asset and vendor management – there is no way one person can correctly manage it all. You trust they are doing the right thing but there are no checks and balances, no accountability—and that’s as glaring a potential security breach as an open window. Can your company afford that?
THE FIX: Get a comprehensive IT analysis and cyber security evaluation done periodically by an experienced IT services firm. You’ll discover potential weak spots in your computing network—and get actionable recommendations for addressing them properly. As President Ronald Reagan once famously said, “Trust, but verify.”
THREAT #2: Not defining your RTO (recovery time objective) – or not being able to achieve your RTO because of an inadequate backup system.
How long can your operation tolerate a “system down” situation? Two hours? Three days? That’s your recovery time objective and every business needs one; it’s a key benchmark by which your backup system is judged and on which your business continuity protocols are based. To paraphrase Yogi Berra, if you don’t know where you need to go, how will you know when you get there?
THE FIX: Determine and state your RTO and confirm whether your backup system and protocols align with your RTO. For example, if you don’t want to go more than one hour without full access to all of your systems, then you must ensure that your backup system has that type of failover capability – both onsite and in the Cloud.
THREAT #3: Not providing cybersecurity training to your employees.
“If we look at security breaches over the last five to seven years, it’s pretty clear that people, whether it’s through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities,” says Eddie Schwartz, chairperson of the Cyber Security Advisory Council. All it takes is one employee to click on one phishing or spoofed email for all hell to break loose throughout your network, and for your profits to suffer as a result. The impact of a cyber security event can be devastating to a small business.
THE FIX: Find out if your IT partner offers cyber security training. It’s an absolute must in today’s environment. Employees should be trained to recognize malicious emails or attachments that will infect their computers with viruses or, worse, ransomware. Are they visiting social media sites that are portals to hackers? What do your employees do when a hacker calls them pretending to be from their IT vendor and asks them for their password?
Data security is a critical responsibility for everyone in your company. Also, don’t treat cyber security training as a one-time event, but rather, as an ongoing process to keep your employees current and resistant to emerging cyber security threats.
At IND Corporation, we offer employee cyber security training programs that greatly reduce the risk from malicious emails that install viruses and ransomware and steal funds and identities. We’ve found that continual training reduces the rate of taking the click bait from an average of 20% to as low as 2% after one year of continual training and testing.
Want to avoid becoming phish bait or find out where your network is vulnerable? Contact IND Corporation to discuss your business computing and managed IT service needs. We’re located in northern New Jersey and serve companies throughout the state, including one-hour urgent care response for NJ businesses with our TotalCare comprehensive managed IT services program.