Cybersecurity: Why should you care?
By Ben Hunter
Why should you care about cybersecurity? You may think, “My company is too small. They aren’t going to come after us.” Being a small company doesn’t mean you are safe; it just means it will be much harder to recover when you are attacked. Weak cybersecurity threatens your bottom line more than most people realize.
Cybercrime has evolved into an actual business model that involves selling services, customer service agents, and message boards among providers. There are even ransomware franchises! Think of it as a modern-day Mafia.
The recent surge in work-from-home options for employees has made monitoring cybersecurity threats even more difficult. Companies are more vulnerable than ever. Cybercriminals can get away with “low tech hacking” techniques, such as impersonating websites or even walking through the front door of an office and straight to a server with sensitive data. Yes, you read that correctly. Would you recognize someone who isn’t supposed to be there when countless employees work remotely?
While there are many steps you can take to enhance your company’s cybersecurity, being successful at it boils down to one thing: creating a culture of cybersecurity. This starts with leadership. The people at the top must change their mindset about these security measures being a business expense. Instead, think of them as a business enabler. Understanding that cybersecurity is a competitive advantage allows you to sell that to your clients when they see other companies on the news facing security breaches.
A culture of cybersecurity also means treating cyber-attacks as a business risk, instead of a business problem. By investing in preventative measures and training employees to be on guard for phishing emails, ransomware, or other scams, you can stop cyber-attacks before they become an issue. Establishing a culture where employees know the seriousness of cyber-risk and immediately alert your IT professionals after clicking on something suspicious allows you to be proactive and mitigate the risk before it becomes too serious.
If you are thinking this still does not apply to your company, keep in mind that even if you are not collecting customer payments or significant client data, you likely still have employees. They have personal data that could be a target for cybercriminals as well. No matter what type of business you are, you have data that cybercriminals want and are able to get their hands on.
If you are concerned about your organization’s vulnerability, contact Ben Hunter or any of our trusted advisors to find out how BRC can help.
Ben Hunter, III CISO, Advisory Services Principal, CPA/CITP, CISA, CRISC, CDPSE, CISM
Ben is the Chief Information Security Officer for BRC and is a Principal in our Firm’s Risk Advisory Services Practice. He specializes in Cybersecurity and Information Technology Audits and Assessments. Ben began his cybersecurity career in the US Marine Corps. After becoming a Certified Public Accountant, he continued his cybersecurity and IT Audit training […]
The information contained in this article is for informative purposes only and should not be relied on when making any business, legal, or other decisions. This information may be updated without notice and/or may not contain the most current information that is available related to this topic. Please consult with your advisor to determine how this information applies to your specific facts and circumstances.