Follow the Leaders
Question: What is one of the fastest growing forms of crime in the world – and possibly the most lethal threat to your business?
Answer: A malicious cyber intruder determined to compromise your company’s computer system and all of the precious customer, employee and financial data it contains.
Pretty scary, right? So how, as owners of small or mid-size businesses, can we arm ourselves against those who are intent on destroying what we’ve worked so hard to build? That was the topic at the center of our most recent VACEOs Quarterly Luncheon, where the theme was “Protecting Your Business from Cyber Threats: A Practical Discussion.”
Adam Lee, Special Agent in Charge (SAC) of the FBI’s Richmond Division, joined a panel of our own experts: Clay Westbay of Synergy Technical; David Crisafi, Special Agent, Federal Bureau of Investigation; and Julie Gustavsson, COO of Keiter. The group provided us with an overview of the scope of cyber crime and steps we can take to prevent it.
The discussion was moderated by Doug Jones of The Fahrenheit Group, who underscored the importance of the topic. “Understanding how cyber crimes are committed and the risks your business could face if it’s compromised is an important topic of discussion for all businesses, no matter their size,” he said.
“There’s no doubt that cyber crime and system intrusions are here to stay,” Jones continued. “Our panel of experts had tangible experience and advice to share, which really resonated with the group of CEOs who attended the session. It was an eye-opening knowledge-sharing experience.”
Special Agent Lee said the problem of cyber crimes involving businesses is more prevalent than most people think. “The director of our division often says, ‘There are two types of companies: those who have had their computer systems hacked or compromised and those that don’t yet know they’ve been compromised.’”
Agent Lee and the panel asked those of us in attendance to think like hackers and made us wonder, “Am I properly managing my data that’s sitting on my servers?” “Do I have a culture of security?” “Do my employees understand the risks?”
Here’s a snapshot of what we learned and a few takeaways.
PARTNERING IN THE FIGHT
Adam Lee was a surfer, a lawyer and an FBI sniper before taking on the role of SAC of the Richmond Division of the FBI. His territory spans the entire state. All told, the Richmond Division provides federal national security and criminal investigative resources to 82 of Virginia’s 95 counties.
Recently, his division has become laser-focused on national security intrusions and crimes that affect commercial networks and computer systems. His mission is to identify and neutralize these threats utilizing an agency with a relatively small staff.
To succeed in his job, he must build partnerships between his agency and local businesses. Those partnerships begin by making educational presentations and asking businesses to stay on top of common threats – and to think like hackers.
Essential steps for protecting your business? Stay aware of current schemes. Educate your employees. Take proper internal security measures. And most importantly, have some kind of response plan in place in case your system is compromised. (Make sure your plan includes contacting the FBI’s Richmond Division.)
YOUR BIGGEST THREAT = YOUR EMPLOYEES
All of our experts agreed: Your employees are the biggest threat to your system’s safety. Careless sharing of confidential data and opening malicious links are some of the most common ways they can put your data in harm’s way.
So how do you implement a cyber-safe culture? Our panelists say you can start by taking the following steps:
1) Invest in cyber safety training.
2) Make sure your have a clear internet security and data sharing policy in place.
3) Personally demonstrate your commitment to this important issue by setting quarterly meetings to discuss the topic.
4) Be sure your employees understand what measures you will take should your system and/or their mobile device be compromised.
REDUNDANCY IS A GOOD THING
Our panel members also agreed that adding layers of security around your systems is essential. The more important the data, or the higher the risk to your business should it be compromised, the more security measures should be put in place around it. According to Clay Westbay of Synergy Technical, “It’s all about layers of protection and having the right layers in the right places.”
It’s also worth considering engaging a professional consultant to conduct a security audit of your business for peace of mind.
7 CYBER SECURITY TAKEAWAYS FROM OUR PANEL OF EXPERTS**
1) Understand where your biggest data risks and threats are.
2) Invest in redundancy.
3) Keep malware protection up to date.
4) Don’t get too secure in your environment. (One silver bullet does not a secure network make.)
5) Don’t forget to have physical security procedures in place, too. (How easy is it for someone to walk into your server room?)
6) Consider getting a formal audit.
7) If your business is compromised, know exactly how to get your data back and how long it will take.
** Source: “Protecting Your Business from Cyber Threats: A Practical Discussion”Panel Discussion, VACEOs Quarterly Luncheon; March 26, 2015.