Cyber security breaches are a threat that everybody sees coming yet few seem able to stop.
After all, the numbers are staggering. According to the Privacy Rights Clearinghouse, over 120 million distinct data records were compromised due to cyberattacks on businesses last year. Not only is this an alarming number, but the rate of increase is especially disturbing; 2015’s total was over twice 2014’s.
Successful entrepreneurs have to be especially concerned about cyber security because they both have businesses to run as well as a great deal to lose personally. They are, in effect, targets two times over, which means they need to be doubly careful. Unfortunately, with people caught up in the rush of managing complex ventures, that is often not the case.
Finding innovative ways to exploit a fast-changing field such as technology is the kind of creative thinking entrepreneurs can appreciate. Of course, most do that within the law, but in essence cyber criminals who find security flaws and pioneer new kinds of scams are entrepreneurs of a completely different stripe. They should not be admired for their creative dishonesty, but recognizing them as the dark side of entrepreneurship does help legitimate businesses and individuals appreciate what they are up against – a resourceful and formidable foe.
Understanding this enemy means knowing the nature of their attacks and who tends to attract the more sophisticated ones. “Cyber threats are not cookie-cutter,” says Frances Dewing, Chief Operating Officer of Concentric Advisors, a company specializing in sophisticated cyber and physical security for individuals and families. “Individual cyber-crime is highly targeted and based on economics. Sophisticated software allows criminals to sift millions of lucrative targets. If you have money, you are a juicier target.”
Those targets are attracting more and more attacks. According to the FBI’s 2015 Internet Crime Report, cyberattacks accounted for over a billion dollars in direct financial losses last year. Those direct losses do not account for customer desertions or reputational harm resulting from being victim of a cyberattack. Nor do they account for the time people must spend to correct records and replace accounts when they have been victimized.
The chief point of vulnerability is e-mail. For one thing, it is a frequent point of access with outside businesses and customers. For another, e-mail can often lead criminals to the type of sensitive information they seek. Addressing this vulnerability entails putting in place strict security policies and procedures. “It’s an opportunistic crime, so the idea is not to be the easiest target,” says Dewing. “Just as in the physical world criminals look for unlocked doors, the cybercriminal is going around the online neighborhood jiggling the door handles, looking for an easy target – the least protected individuals.”
Creating varied and complex passwords, being careful not to click on attachments and links from unknown sources, and requiring independent authentication before conducting transactions based on e-mailed instructions are all security protocols that companies these days have repeatedly drilled into their employees’ minds. Still, as much as you prepare your employee base for these threats, there is one point of vulnerability you should be especially concerned about – yourself.
A leak from the corner office
Although naive new hires or disgruntled ex-employees might seem to be the biggest risks to cyber security, security leaks often come from the opposite end of the corporate food chain. Senior executives want immediate access to information wherever they are, and often feel too pressed for time to be concerned with details like security procedures.
Still, executives who crave instant access to information for the sake of expediency should step back and think of this in cost-benefit terms. Yes, there is a benefit to both speeding decision-making and freeing executives to stay fully informed wherever they travel. However, letting a company’s guard down in order to expedite access to information can be counterproductive – it can slow things down rather than speed things up by requiring an enormous of time to be spent repairing the damage from data leaks, and it can render valued information useless if it is compromised.
Despite the threat, entrepreneurs are risk-takers by nature, and so will always be tempted to take security short-cuts for the sake of expediency or opportunity. Still, Dewing points out that there is a broader context to consider: “This isn’t just about your own security – it affects everyone you are connected with. People tend to be cavalier about their own security, but if we all take on a social responsibility for our family, friends, and associates, we can create a safer environment for us all.”
Strength in numbers
One of the benefits of membership in TIGER 21 is help in meeting rapidly-evolving challenges like cyber security. This help can come in a variety of ways:
Emerging knowledge. Again, cybercrime can be thought of a dark form of entrepreneurship. This means that there is a great deal of creativity and persistence being put into trying to steal your information. Sharing experiences with people who face similar challenges is a good way to keep up on what new forms these threats are taking. It also helps to go beyond simply installing security software. “Security is not a one-time fix” says Joe Levy, Chief Revenue Officer of Concentric Advisors. “People need a trusted advisor to help them understand the latest threats, and also to be available to answer basic questions like ‘should I click a link or change a password?’”
Vetting security measures. There is no shortage of organizations offering advice on cyber security, but when the field is in a rapid state of flux it can be difficult to say which consultants and techniques are effective. Sharing some of the trial-and-error involved among similarly-positioned entrepreneurs can accelerate the learning curve for all.
Awareness. The effectiveness of cyber security comes down to having the discipline to apply sensible measures rigorously and consistently. The temptation for busy people to cut corners “just this once” is strong, so having regular contact with people who are grappling with cyber security – and perhaps have been victims of attacks – is a good reminder to resist that temptation.
The value of information has made cyber security a high-stakes game. Fortunately, entrepreneurs have powerful, competitive instincts. As criminals try harder to steal information, the defenses entrepreneurs come up with to beat them at this game should become more creative and effective.
President & CEO of TIGER 21