[BreachExchange] Why Entrepreneurs Should Take Cyber Risk Seriously

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 26 20:29:58 EDT 2016


http://wwpi.com/2016/07/25/why-entrepreneurs-should-take-cyber-risk-seriously/

Too often, the words “cyber risk” do not resonate with entrepreneurs. They
are focused on the building blocks of their business, whether that’s
launching a new product, getting funding or bringing the best and brightest
on board. They thrive on being nimble and opportunistic risk takers,
shunning anything that may confine their efforts, which in their minds
includes cyber risk. However, some risks should not be ignored, especially
those that, if not addressed, could lead to the downfall of a company.
According to the Ponemon Institute, the cost of a data breach has reached a
record level at $3.8 million, representing a 23 percent increase since 2013.
Entrepreneurs need to figure out how to strike a balance that will enable
them to maintain their edge while also managing their cyber risk.

Cyber risk boils down to two categories—people and technology. People
oftentimes unknowingly create the most significant risk to a company,
especially a small one. In a startup environment, employees often work
remotely over unsecured public Wi-Fi, use weak passwords and log on to cloud
services without vetting their security posture. Also, many entrepreneurs
do not use two-factor authentication or encryption. They outsource much of
their operations to third-party contractors who put cyber security at the
bottom of their priority list. On the technology side, entrepreneurs are
most concerned about coming up with the next “cool” thing that can make the
most profit, and therefore security takes a back seat. That mentality is
especially true with internet-connected technologies. For example, in 2013
researchers discovered a firmware vulnerability in Foscam cameras that
enabled hackers to remotely steal credentials on the device. Because there
isn’t a security standard for the Internet-of-Things, many devices are sold
to consumers with gaping vulnerabilities that could jeopardize their
security and safety and possibly open a door to the rest of their
information.

All businesses, startups and enterprises alike, face those kinds of cyber
risks. However, the ramifications if a breach were to occur are much
different. Whereas enterprise companies can most likely withstand the
financial and brand damage associated with a breach, most startups cannot.
Not only do entrepreneurs typically have less of a financial safety net,
they also rely on outside partnerships with banks and investors and must
demonstrate to those stakeholders that they are secure. In addition,
entrepreneurs typically aim to service large companies, many of which will
turn their backs if they see the startup suffered a compromise or brings an
elevated level of risk into their network. If there is a breach, smaller
companies may also face regulatory fines and lawsuits, which are costly
repercussions and tough to overcome.

Entrepreneurs must strike a balance between innovation and cyber risk
management. That includes the following:

- Know and control your information
Being small can make controlling your information easier, but it can also
quickly lead to a disorganized sprawl among different machines, cloud
storage providers and USB drives.  The first step in protecting your most
valuable assets is identifying what they are, where they reside and who has
access to them.  Just like in the physical world, all information assets
are not created equal, and they should be protected in accordance with
their value.
- Take advantage of readily available protection features and secure cloud
offerings
While the online world has grown less secure, major software makers and
cloud providers have vastly improved the quality and availability of
security features that just a few years ago would have been unavailable to
small and mid-sized companies.  Unfortunately, most entrepreneurs do not
take the extra few minutes to take advantage of these features. It is
relatively easy to maintain the right patch levels, encrypt your laptop and
smartphones, subscribe to an online storage and software provider that
offers encryption, use a two-factor authentication provider to ensure only
authorized users have access to valuable information, and use a cloud-based
access control provider to centrally control who has access to
which data.  These kinds of features allow entrepreneurs to control their
valuable information with minimal effort and demonstrate to their global
enterprise clients that they are competent providers that care for their
clients’ information as if it were their own.
- Engage an expert
Although it is easier than ever to create a secure mode of operation, it
still requires some minimal level of understanding and knowledge that
many are not able to acquire or not interested in acquiring.  It is strongly
recommended that entrepreneurs engage experts to set them on the right path
so that they can grow quickly and securely.  The alternative can be a lot
costlier and more time-consuming.

Cyber security should not be viewed as a necessary evil, but as a core
value.  Just like you lock the doors to your offices and buy a car with air
bags, protecting your information and that of your clients should be a top
priority.  Entrepreneurs can balance both—effective cyber risk management
while maintaining the nimbleness, innovation, customer satisfaction and
growth they desire. All it takes is understanding the value of a quality
cybersecurity program and the risks of failing to implement one.