Is Your Business Serious about Cyber Security?
Most of my clients are small businesses, and as with any size
business, IT spending comes down to ROI (Return on Investment). Recently I had a
client ask me to stop doing monthly updates. My response was that pretty
much the rule today is to do those updates on a regular basis. His reasoning
was that he is trying to cut expenses and it “Wasn’t Necessary”.
Security is not a sometime thing. It is an all of the time
thing. We really need to be more vigilant now than ever. I remember a client
who did not renew the virus scanning software for the $300 it would have cost, in
order to save money. It caught up with him. A virus snuck by that would have
been caught by current signature files, and his network was infected. This wound up costing him thousands in the
long run, and that was just the measurable impact. The loss of production,
people not able to do the work, the ticked off customers can literally destroy businesses
these days, so what is the ROI on that virus scanning software? You can never
predict what might have happened if you didn’t have it, but in this case the
effects were brutal.
I was talking to another businessman the other day and he
put it quite bluntly. He said not keeping the security portion of IT invested
is like not putting oil in a car. It will run for a while but eventually you
get burned.
I guess it is what I have seen for years. The “Why would
anyone want to attack my network” syndrome. Well, identity, financial and
ransom are just a few I can name. If
businesses do not have a good security plan, I believe the odds will continue to
grow that they will be hit.
So how serious is your business about it? How much have
you invested in your security and where is that investment? Too many companies
invest in some good hardware and security measures and then leave them, hoping
they are protected. Hardware alone will
not do it, folks. It has to be planned and watched. It’s like setting up video
cameras and never looking at the monitor or recordings to see if anything
happened.
Lastly, I had a new client I interviewed last week. They
were getting prices from several places on how they can secure their systems
better. As I was going through the process I asked if anyone talked to them
about PCI compliance. (They are a retail store.) They said none of the bidders
had done that. SHOCKING!! IT
professionals with or without a security background need to understand things
like PCI compliance or they are doing their customer a disservice. I am still
amazed at how many businesses are not even aware of the 12 areas of PCI-DSS.
Everyone needs to understand how important it is, what it is and how to become
compliant no matter the cost. If not now, when?
And by the way, I wasn’t the lowest price, but I did get the
job :)