How you handle IT security is more important than ever. Ransomware, a type of malicious software that blocks access to a system until money is paid, and cyberattacks are rising across all industries, according to the FBI Internet Crime Complaint Center.
In 2015, the FBI reports that it received 2,453 complaints of ransomware incidents for which victims paid more than $24 million. That’s up significantly from 2014, when 1,838 victims reported that their companies paid $23.8 million between April and December.
These attacks run the gamut and can include stealing financial details or customer information, locking up machines, launching distributed denial-of-service attacks, encrypting data or relaying spam to your customers. Ransom demands can run from a few hundred dollars to a few thousand dollars, usually paid in Bitcoin.
So what’s a CEO to do?
Take it to the top.
Many CEOs still rely on their IT department to assess risk and determine security. But data security and risk management are business risks best addressed by the company’s top leadership.
David Finn, Health IT Officer for Symantec, told the trade publication Health Info Security, “…to make IT responsible for assessing risk across a healthcare organization really doesn’t make sense. They don’t have the skills, they don’t have the focus, and that isn’t their job. Their job is to provide information technology and IT services.”
Responsibility for setting data security rules “needs to be pushed up the ladder, to get the business units … the CEO, the CFO involved in assessing what can and can’t be at risk, and what are acceptable levels of risk,” he added.
Invest in anti-malware tools.
Make sure every PC, Mac, server, smartphone, network and cloud-based service associated with your company is covered by an up-to-date anti-theft security package, and keep that package updated. It will help protect your company’s data and hardware against phishing emails, fake downloads and malicious URLs.
Back up, back up, back up.
If your firm is targeted with malware, a recent backup of all data, on all devices, can get your company up and running again if you are locked out of your servers, desktops or laptops.
What’s more, your backups should be stored offsite and offline. Otherwise, your infected system can lead hackers directly to the offsite data. Think of it: If you’re backing up your PC to a cloud-based service like Dropbox, hackers can access your storage directly from your computer’s file system.
Avoid complacency.
Radware, a cyber-security company, cites complacency as the biggest security problem facing small- to medium-sized businesses when it comes to protection against malware. In the company’s 2015-2016 Global Application & Network Security Report, Shira Sagiv writes, “No one is immune. Few are prepared.”
To effectively combat cybercrime, you’ll need multiple software solutions, some of which require manual tuning to be truly helpful. After all, some attacks will focus on your network and some on your applications.
From the buyer’s perspective
And keep in mind that more and more professional buyers are adding IT policies and security procedures to their standard due diligence protocol. This means that if you are considering exiting your business in the next few years, getting your IT policies, systems and procedures, especially as they relate to security, fully up to industry standards will be critical.
© 2016 Generational Equity, LLC. All Rights Reserved.