What is the reason for having cybersecurity?
When people ask me what I do, it’s often a complicated answer. Information technology in the past 20 years has changed considerably from simply fielding issues related to networking and printing issues to sophisticated threat prevention and detection on top of all other issues.
At the highest level, our job—as IT Support engineers and security specialists—is to manage, mitigate and minimize risks in your organizations. Both risks of users having computer headaches, but even more so eliminating security risks of cyberattacks and data breaches.
In an ideal world, we’d be able to create a check list of items to secure and be done. But the problem with cybersecurity—beyond that of other more traditional security trades—is that the field is changing so quickly and criminals are devising new scams and hacks so frequently that your security team needs to be living, breathing and eating security day in and day out.
If you are the only person doing IT at your company OR if your IT Support is inundated with user issues, they may be overlooking IT security altogether. Not that they don’t have their hearts in the right place. That is not the issue with security. I’m sure if they would be able to field supporting your users and keeping them secure, by all means they would.
But the reality is they probably are overlooking many things that are putting your business at risk for a ransomware attack and they don’t even know it.
True story (names have been changed to protect the innocent).
Trisha is the executive assistant at a billing company. One of the tasks her boss—the owner—had given her was to find nice looking holiday chocolates to give out to their clients to show their appreciation to have such great clients.
While Trisha was online, she saw an advertisement for some rather expensive chocolates at deep discount prices. In fact she found boxes of hand crafted Godiva snowman chocolates (retail price 69.97 per box) for 25 bucks a piece. The boss gave her a green light to spend thirty five dollars per client and she was elated to see the deal. She was certain she’d get some points for this find!
Trisha clicked on the ad, a pop up saying “thank you for visiting our site. Click Ok to continue”. She clicked Ok and started navigating the page. Unfortunately, the deal advertising the $25 chocolates was nowhere to be seen. Disappointed, she left the site and continued to shop.
After a minute or so, Trisha noticed something was wrong with her computer. The files she had worked on yesterday looked funny (the names had all changed into gibberish and she couldn’t open anything!).
Trisha called her IT guy, who came over, logged in with his credentials and tried to remove what he thought was a run of the mill virus. Unfortunately, while visiting that candy site, Trisha downloaded a ransomware virus, which had locked down everything on her machine—all of her files were inaccessible. And when Tony from IT Support came to help, upon signing on with network credentials that had access across the entire network, he had infect every single machine in the office.
There ended up being one file that Trisha was able to open—a text file demanding ransom for her data.
The billing company decided not to pay the ransom. It took three weeks for the office to get back to work from the attack. They had to restore from backups (luckily they had a good backup. Unfortunately that backup was from 4 months ago!).
Rest assured, the billing company lost quite a few unhappy and untrusting clients from this ordeal.
The biggest reason folks like this billing company fall victim to cyberattacks?
They lack proper focused resources exclusively dedicating their time to security.
Whether you outsource your IT or keep it in house, one of the biggest reasons you likely are low hanging fruit to cybercriminals—whether your organization has 10 or 10,000 employees—is because you lack a dedicated and focused cybersecurity team. IT guys simply have too many priorities to keep cybersecurity top of mind. And when they lose complete sight of it, terrible—actually devastating—things can happen!
On a scale of 1 to 10, how confident are you that your office is secure from cyberattacks? If you chose less than a 10, how come? Contact Us TODAY for a free security assessment.