The Expert Podcast

Look whether you're a big company a small company You certainly have had the idea of cyber security Come on your radar screen. you may have been a victim Of some type of a cyber event Or loss You may have been made aware of it by your IT person Maybe a client has required it. What do you need to do Well let's take a look at the biggest mistakes that companies make With cybersecurity. we'll take the lead from the wall street journal on this even though we've talked about this in other videos. Cybersecurity Isn't just about an IT person locking down your network. It's not about passwords Per se it's not even about cyber insurance which is an important part of it. The bigger parts are human Let's take a look at what those are One mistake is to Focus on tech instead of employees. So yeah you can have all the platforms all the password Monitors all the firewalls you want But if your people in your company Are accidentally obviously they wouldn't do it on purpose Leaving vulnerabilities leaving Opportunities to get in It defeats the purpose of all those firewalls. for example If your employee opens up an email that has an attached file That can get right through your firewall. So if your it person has done a great job in putting together firewalls and systems and procedures and monitoring But you have an employee who's working from home that opens up a malicious file All that gets thrown out the window. So make sure that the human part of it Is taken care of. Now Let's take a deeper dive into the human part. Training is one part of it But the bigger part is changing attitudes. and the attitude is being aware that these things can happen. Look if you just train somebody to fill out a form Or do sync things a certain way or do a checklist that's boring And just like you know you've seen the movie office space filling out TPS reports Nobody likes TPS reports. If you're just doing training for cybersecurity That cybersecurity training is going to become a TPS report.
And if that's like watching a video or even if it's once a month talking to a manager and a meeting It's not going to work all the time but you want to build a culture. And has employees to see security as part of their job. Part of it might mean Seeing the benefit to them. Maybe cybersecurity will get you more sales somehow Maybe it'll get you more customers. Maybe it'll be a selling pitch that you can add to your A pitch deck that says Hey here's what we do for cybersecurity Your client information is safe. You're not going to have to worry about us about us going down From a Ransomware attack. We protect your information as well We protect your downstream your supply chain. Maybe the cyber security Can be part of your selling Features. maybe if you're a client to a supplier you can tell your supplier look We want to get a little bit better deal because you don't have to worry about us Voiding our contract because of cybersecurity. Number three according to the article is make sure your leadership whether it's you or your managers do And not just say. And have them demonstrate that Using two factor authentication do other things. and even talk the talk Right Make sure that in all the meetings that you have you're mentioning it and how important it is and you know have the belief in it as well. It's kind of boring and it's a little bit Kind of cliche but making sure that that's part of your corporate culture. And this is a little bit counter counterintuitive You might think that well worry about prevention and not Recovery. Well that's true But if all you're doing is worried about let's say if you're worried about fire prevention and you have You know safety and and in your company and no open flames but have no fire extinguishers you're going to burn down because at some point something will happen. You want to have both you want to have prevention but also recovery So plan maybe do drills What would happen if you had a cyber attack. What would happen if you had a ransomware. Check your backups make sure they exist Check your resiliency. Check your your redundancy. Make sure everything works properly Make sure you can restore your accounts payable if you need to. And this last one is really what I think a duplication of number three missing the competitive advantage. If you just view cybersecurity as a cost then it's going to be a cost that no one's going to like it But look as at a competitive advantage. You can gain an edge with customers looking for safety. You can also save money On your bet on your profit and loss sometimes cybersecurity things actually reduce your expenses. It may seem like something that's not interesting Sexy You know important to the business development but in the long run Little bits and pieces of cybersecurity as part of your corporate culture Even if it's 1% 2% 4% of your attention span will eventually help you with business development. And on the day that you would have had a hack that you don't that you don't even know about It will be the difference between your business existing or being destroyed by hacker.