A lot of business leaders continue to believe that they’re not a target for cyber criminals because they don’t have anything that attackers want. This mindset is dangerous because data has value in obvious and not-so-obvious ways.
What’s more, protection of the data that you gather, store and transmit can now be considered a business capability that every organization needs to practice. This applies to not just the actual information but also the gateways used to access data.
To understand the value of information, let’s explore some of the ways that cyber criminals use it.
- Take away your access to your information and demand payment from you to get it back.
- Threaten to expose your information for all to see.
- Sell your information to others who will do something with it (like take away your access).
- Sell access to your information so someone else can get an even bigger payoff.
- Use it themselves to either directly monetize or get to a bigger target
Not All Information is Created Equal
When you’re planning how to protect information, you’ll inevitably realize that some types of data are more important than others. For example, your financial and banking information is more vital to your business operations than the documents that explain your safety guidelines.
That’s not to say that safety guidelines aren’t important, but you can easily recreate those documents if they were lost and re-establish your safety training program. It’s a different story if your bank account routing and identifying numbers get into the wrong hands.
You’re likely more willing to go to greater lengths to protect the information you feel is more important – to you. But you work with a lot of information you don’t own that comes with expectations that you’ll keep it safe and confidential.
What kind of data are we talking about?
Information You Own
This is information generated or created by your organization, including:
- Financial and banking information
- Customer transactions
- Processes, patents, and other intellectual property
- Prospect lists and business strategy documents
- Passwords and password hashes
- Network topology (both logical design and physical hardware types and usage)
- Browsing history
- Security camera footage
Information You DON’T Own
This is information that you need, but it’s entrusted to you by others, including:
- Customer data, records, and intellectual property
- Personal employee information (social security number, address, references, etc.)
- Employment records
- Vendor information
Cost of a Data Breach
It’s going to cost you something to secure the information in your possession, and you can easily justify the expense by considering what a data breach will cost.
- What will downtime cost your business if you can’t operate for hours, days, weeks, or even months?
- What penalties and fees will you incur if there are regulatory repercussions of data loss or breach?
- What would the cost to your business be if you lost trust with customers?
- What’s the cost of losing your reputation as a good employer?
- What costs might you incur in legal fees if you were sued by customers and/or employees?
A recent study found that the cost of a data breach for more than half the survey respondents was between $10,000 and $1 million. Costs rose if the company had remote workers.
One thing about the after-effects of a cyber attack is that the impact can be very long and drawn out. You don’t usually just pay the bill and you’re done. You deal with lingering effects for months (or even years), and some businesses don’t survive.
Related Resource: What is Cyber Insurance and Does My Small Business Need It?
Pay Now or Pay Later
Unfortunately, too many business leaders wait until after their organization has had a cyber attack to get serious about securing the information they store, use, and transmit. After paying the costs and suffering the repercussions of a data breach, they finally find out that all the warnings were true.
However, regret won’t take them back in time and give them the opportunity to make different decisions.
Like It or Not, You’re in the Cyber Security Business
While your organization has its own unique risk profile and tolerance, security has evolved into a business function that’s necessary for operations. You might even add it to your list of departments – Administration, Finance, Operations, HR, Marketing, Security, etc.
Fortunately, just because you need a security department doesn’t mean you have to resource it internally. Outsourcing cyber security strategy and management is the way to get access to the expertise and technology you need to build an effective cyber defense.
Related Resource: 17 Foundational Cyber Security Measures Businesses Need
Southern California Businesses Can Ramp Up Cyber Security FAST
At VC3, we work with clients to keep their information secure and control access to their network and accounts. So whether you need both IT and security services or just need cyber security management, we can help you ramp up security FAST.