Why Security Technology May Not be Enough

Why Security Technology May Not be Enough

In the world of small business, every expenditure is closely examined for its value. There are no middle managers just trying to use up their budget to make sure they get as much to spend next year.  So, when we talk about risk management programs to reduce cyber crime, the first question is always, aren't my IT people already protecting me?  The answer is yes, but only partially.

Technology solutions in cyber security include firewalls, anti-virus, anti-spyware, anti-malware, encryption, back-up systems and more. They are absolutely necessary, but they can only protect what is inside your systems, and the biggest thing they can't control is us.  Yes, us, as in people, in general.  One of the biggest exposures a business can have is human error.  A person may click on a link or visit a website with malicious code.  They may allow someone to follow them into a secured area without seeing ID.  They may give out information over the phone that should not be given out, or share passwords, or keep passwords too long, or take company data off premises and lose it, or... the list goes on and on.

Technology also can't control your e-mail, especially if you're using a mass market provider, like AOL, Gmail, or others.  Is your company using email in a proper and secure manner?  We all rely on it for cost and time-effective everyday communication, but have we stopped and thought about what would happen if we lost access to our accounts?

At CyberKnight Risk Management Consulting, we understand the technology, but we are not IT providers.  We are more than happy to work with your existing IT providers (or recommend one if you don't have one), whether in-house or third party to create a seamless plan to protect your company.  What we do is provide written information security policies, train our clients and their staff and document what has been done.  We also perform risk assessments and other related services.

A written information security policy may be required by federal or local regulations or contractual obligations.  It might also get you better rates for a cyber liability insurance policy.  If you do suffer a breach, the fact that you had a written policy and conveyed it to your employees can help you avoid liability for any resulting damage.

Our plans address what to do and what not to do before it happens, because an information breach can have serious repercussions in the way of damage to the company's reputation which can result in loss of business, loss of productivity, loss of information and the cost of forensic investigation, remediation, fines, credit monitoring and other damage control.  The cost of an information breach averages $200 per record, so if you have 10,000 records in your database, it can cost you $2 million.  Can your business withstand that kind of a loss?