Just recently, I learned about a local business that experienced a cyber attack. All of the employees were sent home to work from their personal computers because the owner was afraid that using their business systems would make matters worse.
This business owner called and asked me to come over to talk with him about the situation.
As we sat in his conference room and discussed what was going on, he was being attacked — while I was there! Bank accounts and financial information were being compromised in real-time.
After some discovery, I learned that almost none of the basic security programs and procedures that a professional IT person would implement were in place. The business had outdated equipment, out-of-date anti-virus, out-of-date anti-malware, no firewall updates, shared passwords, no secure login accounts, and sketchy backups.
This company was technically out of business due to a cyber attack.
The reality of the situation is, cyber attacks can’t be 100% blocked. Attackers are always one step ahead, finding new ways to use the vulnerabilities in software and hardware to break in and enter networks.
In most cases, however, if you lock as many virtual doors as possible, you will avoid most intrusions.
For as long as I can remember, IT service providers have preached about security and the real threats of viruses, hackers, and malware. And yet, in many cases, business owners (and even some IT professionals) have not paid a tremendous amount of attention to these cyber risks for two reasons. First, they think, “It won’t happen to me,” or second, “Seems like a bunch of scare tactics.”
Well, times have sure changed.
Today, cyber risk is real, and so is the business risk that comes with it. I am almost sure that every business owner or executive knows someone that has experienced a significant loss due to a cyber attack of some sort.
Unfortunately, I have seen the situation noted above far more often in the last two years than I have in the past twenty-eight combined. Cyber attacks are real and are a serious business risk.
Taking cyber security seriously is no longer optional.