I’m honored to be part of CompTIA’s cybersecurity advisory council. It’s a powerful group of highly skilled people with a stated goal of “To develop the tools and resources that tech companies can use to increase the cyber resilience of the IT industry and accelerate the adoption of best practices.”
It’s important to me to give back to our clients and prospects so we can protect their reputation, people, and profits. Recently, the council had a lengthy discussion on questions we should be asking clients so they can internalize and verify what issues they are solving.
We’ve all worked with clients that sometimes answer technical investigative questions with “We are sure we are ok there.” One of our members, Joseph Stienberg, raised a critical thought about the “we are sure.”
“Why are you sure?” was his question. That really resonated with me. It’s an appropriate response to executives that have asked you to review their IT and security systems. To be clear, this isn’t a gotcha question; those are always junk. It’s a genuine inquiry about why they are so sure that a specific system is 100% operational.
“Why are you sure?” is the right question so companies are well protected. At KME Systems, we always tell our clients, “old threats evolve and new threats emerge.” It’s not just for malware. It’s to get everyone thinking about security from a process perspective.
Why you think you’re sure
The issue is that protecting your business data is not a one-and-done situation. You may think you’re sure because you have antivirus and backups in place, but that doesn’t mean you’re always protected. While these are some of the fundamentals of protecting your business data, they’re not always enough. Security is never 100% guaranteed due to the ever-changing landscape of threats, and what’s good for your business today may not be good tomorrow.
You might also be thinking that most of these security threats are aimed at larger companies, so it won’t happen to you. Wrong again. Malicious organizations know that smaller companies probably don’t have the security measures in place that larger companies do. So attacking smaller companies can be a more effortless payday, even though it might be for a smaller amount.
So how can you “be sure?”
Think about it this way
Let’s use the analogy of the human body compared to security protection. The human body is constantly being attacked by outside threats such as viruses and diseases. You usually take measures to prevent these external threats from making you ill. Things like exercising, avoiding other ill people, eating well, taking your vitamins, etc. But even with this, there’s a chance of still getting sick or catching a disease. Why? Because the threats are constantly evolving, and these methods may not be enough sometimes.
Seeing a doctor regularly (a professional that has extensive knowledge of the human body) is recommended to see how your body is doing at that precise moment. And it helps with catching warning signs early.
The same is true for security. One solution doesn’t protect all, and it can be different from person to person and business to business. Just like a disease or illness, once you experience the symptoms, it’s usually too late. The same goes for your company. Once your data is compromised, it’s too late. The interesting thing about most security attacks is they tend to occur days or weeks before you start noticing the issues.
How can you be sure?
With the cybersecurity landscape constantly changing, it’s important to ask yourself this tough question.
Why are you sure?
If you are reading this and have any inkling that you’re “not sure,” there are plenty of great IT partners to help you, and KME is one of them. We are consistently keeping watch and changing processes and technologies to combat these future cyberthreats.
If you need help somewhere besides Southern California, let me know. I’m sure we can help or get you local assistance from another MSP. 😊