What EVERY Business Should Prioritize– NOW!

Important Cybersecurity Guidance from your CIO, Timothy Poyner - President of CTSi

Indiana is opening up... Mostly. Kinda. It’s complicated. As we think about our businesses and what the coming year may look like now, it feels important to work through some important takeaways from the past year, particularly related to the security of your business.

4 Things that we “kind of” knew– but we REALLY KNOW NOW

The past year confirmed trouble spots in the security of our businesses that we knew were true, but we didn’t take seriously. Unfortunately, it also forced us to come face to face with those realities.

  1. IT companies are now being held liable
    For our industry, the move to remote workers has shifted a large amount of responsibility and liability to technology providers. Managed Services Providers have had to tighten up areas where risk felt manageable in the past. Weak points have now been exposed and Cybersecurity is now a major area of focus. As an example, I’m sure you heard of the Solar Winds attacks that came uncomfortably close to our country’s nuclear defense systems. This breach came through a technology services provider tool and became a massive concern. Another example is the rampant growth of phishing attacks. Breaches are happening all over, beginning with an innocent “login” by a staff member who thinks they are verifying a charge or a password. Once compromised, the breach blows up and your business is in real danger. Even Apple had a recent ransomware attack related to confidential designs of upcoming hardware releases. The risk has dramatically increased. For me to serve you well, my business must step up to protect you, and all of my customers. This has meant a reshaping of our Professional Services Agreement plans as we’ve adjusted what security precautions are “non-negotiables” so we can protect you moving forward. For example, our customers must become compliant with multifactor authentication, security awareness and training, and password managers. Without these basic precautions, the risks to your business, and every other customer we serve, is too great.
  2. YOU are vulnerable now in those same ways
    This seems like an obvious statement but is important to emphasize. If your technology providers recognize greater vulnerabilities, it would be foolish to not recognize how your business is now facing these same, increased threats. We’ve stepped up our cybersecurity requirements, and regardless of who is managing your technology, you would be wise to be sure that you demand increased security for your business as well. It reminds me of the need for maintenance on your car. You know you should check your oil levels, tires, etc., but most of us ignore these important maintenance tasks until something happens. Suddenly you’ve created a much more expensive and disruptive problem. A simple example is backing up your systems. It’s easy to ignore until something happens; then you realize just how valuable backing up can be. The problem is that the past year has been raising warning flags like bright flashing dashboard lights telling you something is terribly wrong. If you ignore this now, you might find the cost to be unsustainable to your business.
  3. Remote working is now the norm – as are cybersecurity threats
    Workplace flexibility has been increasing in popularity for a while. You probably had conversations with your staff about the ability to spend time working at home or in the community. Prior to the pandemic, these conversations were an underlying topic, and often ignored the cybersecurity risks. Now, many companies are open to permanent remote workers. I’ve heard recent statistics expecting at least 50% of businesses will continue to accommodate a choice for remote workers. While it is a great thought to allow for this flexibility, you can no longer ignore the massive threat this poses to your business. Here’s the problem. You have no idea how secure their home network or computer may be. Even worse, you can be quite certain they are not secure as they travel and connect to hotel and coffee shop networks. Every time they log in to do their work to grow your business, they simultaneously open an avenue for hackers to bring your business to its knees.
    Without a good, security-focused MSP to ensure the security of remote workers, your business is extremely vulnerable. Think of it this way. In battle, your battalion is safer when they are together, closing in gaps to protect every member from attack. Your soldiers are now spread and vulnerable to attack. You have no line of defense and your business is vulnerable. And that is the case for businesses just like yours. People are saying we should expect the largest breaches we have ever seen in the coming months. As businesses have worked to accommodate the needs of staff, they have become their own worst enemy. If you don’t close the gaps, you remain terribly vulnerable. It is just a matter of time before the enemy successfully attacks.
  4. In Cyber insurance, insurance companies are clearly denying claims
    You might be reading this and thinking I’m simply using scare tactics. Do the research. Ask the questions. You will find I’m actually giving you factual information intended to save you from a great deal of headache and expense. Don’t think your cyber insurance is sufficient to protect you. That is a simple misunderstanding of how your policy works. In the same way that you must take appropriate steps to protect your property to benefit from your homeowner’s insurance, for your business you must demonstrate due diligence! Otherwise, the breach is on you! And, you’ll be out double —the cost of premiums and the added expense for the damage, recovery, and remediation if you can survive the breach! I’m not writing this to scare you. I am sincerely acting as that dashboard light trying to tell you, “Your engine is overheating!” Ignoring these warnings could spell the end of the business you have invested so much in to create and grow.

We can help you to know that you are safe to keep on moving forward and growing in this new reality. It’s true that we aren’t the same, but that doesn’t need to hold you back. It does, however mean we need to heed the lessons of this past season so we can press on to greater things in the future. Don’t ignore the risks. The cost is too great. Instead, take action to protect your business so you can keep pressing on. If you would like to talk about what this means for your business, don’t hesitate to reach out. I’ll be happy to grab a quick, 15-minute call to hear your concerns. If that time is sufficient to answer your questions, that’s great. If we need to schedule more time to take important steps together to secure your business, we’ll schedule something.

If you’d like to schedule a 15-minute call with Tim, you can do that here.