Sometimes it’s helpful to have someone give you a quick-tip, am I right? Just a nice, little nugget of information you can use to apply to a much larger, more complex topic. Here’s one for you, on the house, from Better business Bureau Northwest + Pacific:
I’m sure, as a business owner, you’ve heard on more than once occasion the importance of cybersecurity. Indeed, this is a very important element of running your business. Keep those scammers and hackers out. Keep personally identifiable information safe.
But, to be honest, it’s becoming more likely they will get in, and the scary part is, you might not even know it. What business owners should also be thinking about is how to keep the scammers from getting back out.
This is one of the points I learned talking with Josh McKinney, Chief Information Security Officer at Vancouver-based Edge Networks, a cybersecurity firm. (Keep your eyes peeled for BBB’s next In Trust issue coming Fall 2019 where I spoke to McKinney, at length, about data security.)
This concept of keeping the bad guys from escaping once they’ve hacked their way in, he calls, a “bank vault mentality.”
“We are way past ‘keeping people out,’” McKinney asserted. He said that in 2019, it’s highly likely scammers can gain access to your systems and networks – especially for small business owners, it’s almost too easy to get in. So, in order to manage that risk, McKinney says to focus on eliminating exfiltration.
“Imagine you had a bank vault and $10 million dollars in there, and it was sealed, locked and your money was safe,” McKinney said. “But what if the bad guy made it in? He breaches and is in your vault but then the door closes and locks behind him, and he can’t get out. Is your money safe? Yes, I think so.”
A cybersecurity expert will tell you to always assume a breach can happen. Or, that it might have already happened and there are hackers in your system spying on your business data and your transactions waiting to make the right move at the right time. In order to counter this, business owners should focus on two things:
- First, do you have the proper alerts set up so that your infrastructure can identify a breach? McKinney says it’s key not to ignore red flags or noisy notifications – these could be signaling a bigger problem.
- Second, is there a plan in place if an “intruder” gets in? Again, McKinney advocates for an established lock-down procedure so that the hacker can’t leave with your data.
In this sense, you’re closing the vault on the scammer and minimizing the damage done. It’s a critical part of any ongoing cybersecurity effort. And, if you’re just starting out with these concepts, or perhaps just beginning to have these conversations with outside experts, this is a great piece to bring up.
The reality is we live in a digital age with looming threats around every corner, or every click. Don’t wait until an attack happens to have a plan in place.