Cyber Security

Risk # 1 - Cyber Security

This is the 5th and final article in the series titled 5 IT Risks That Could Cripple Your Business: How to Mitigate Them.  To recap, the other 4 risks are:

#5 – Lack of Alignment between IT and Business Teams

#4 – Finding and Retaining Skilled IT Personnel

#3 – Outdated Systems and Processes

#2 – Data Management and Data Quality Issues


Please refer to the blog article for more information. Just about everything we do is monitored by someone these days.  From cameras that watch over cities or watch our homes to smart cell phones that monitor every aspect of our lives to even TVs and other devices with smart technology that seem to be listening to our private conversations.  That is a way of life today.  That means there is a far greater chance that information collected will get into the wrong hands.  That is why  Cyber Security is the biggest risk to every business, every individual and every nation.  The risk is huge, far greater than you may realize.  However, in this article I will focus on the impact on businesses.  So why is Cyber Security the biggest risk to any business, large or small.  

Today, everyone is connected to the internet.  Would be hard to imagine almost any business  functioning these days without having an online presence.   This has changed the landscape of doing business in many ways, good and bad, but one of the best being that a business can almost instantly interact with potential customers.  However, the downside of that is it can lead to cyber-attacks.  It used to be that only employees of a business had insider access to business information.  Today, competitors and cyber criminals potentially have access to data. This has forced companies to go to great lengths to protect against threats.  Another reason why Cyber Security is the biggest risk to companies is because there is no other risk that can potentially put you out of business within months of a breach.

Cyber Security

Why Cyber Security is the Biggest Risk to Business:

We all know that technology drives business.  That is why a company like Uber has rebranded itself as a technology company.  But the reliance on technology also has the downside of making businesses more vulnerable to cyber-attacks.  It happens so often these days that it is difficult to keep up.  No one is safe.  It happens to businesses of all sizes, in the public and private sector.  For example, recently, Russian hackers breached 632,000 email addresses of DOJ and Pentagon officials.  In the private sector,  popular password manager application LastPass had a large hack costing millions a month ago.  

The impact of cyber-attacks can be devastating to businesses of all sizes.  They not only disrupt operations, but also result in financial losses, reputational damage, and legal liability issues.

The risks are wide and deep and constantly evolving.  So what are the risks ?  

  • Phishing – Phishing attacks are designed to trick users into revealing sensitive information, such as passwords or credit card numbers.  Victims often receive emails or text messages that appear to be from legitimate sources like banks or well-known companies.  The messages contain links or attachments enticing them to click resulting in Malware being installed on the computer or device or redirecting them to a fraudulent website where they are prompted to enter login credentials, credit card information or personal information.  They are very sophisticated and convincing.  I recently had a friend that worked for a school district call me in distress because they had received an email that appeared to be from the school board but later realized after clicking a link and entering personal information, that it was not from a legitimate source.
  • Malware – Malware is malicious software that can damage or disable computer systems or networks.  An attack can disrupt operations, steal data, or just spy on users.  It is often spread through email attachments, infected websites, and USB drives (employees loading infected drives into the company network).
  • Ransomware – Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment to decrypt them.  This is a very common attack launched against businesses these days and is very disruptive.  They prevent businesses from accessing their data and in essence shuts down operations until a ransom is paid.  A popular hotel in Las Vegas was hit by a similar attack last month that estimated losses in tens of millions.  
  • Denial-of-service (DoS) – DoS attacks attempt to overwhelm a website or server with traffic, making it unavailable to legitimate users.  This really impacts those companies that rely heavily on online sales.  
  • Supply chain attacks – Supply chain attacks target businesses through their third-party vendors. Cyber criminals look to compromise a vendor’s system in order to gain access to a company’s network.
  • Data breaches – Data breaches occur when sensitive information is stolen.  This particular threat is an extremely common cyber threat today because data is golden!  This can include customer data, employee data, and financial data.  In addition, it can include company secrets or even damaging emails that company executives do not want exposed to the public.  This has a serious impact on a business’s reputation and bottom line. 
  • Insider Threats – These are threats from within the company, whether malicious or not, it is often the greatest threat.  These are threats posed by employees and contractors working within a company.  What makes them very difficult to stop is because a company can do everything right, have all sorts of protection measures in place, be regularly monitoring the environment for threats, and still have an employee click an attachment from an infected email that got through the defenses or connect a USB drive to the network that has malware and the Company is compromised.  It is difficult because a company can take all the proactive measures it can think of, but they mean almost nothing if employees do not follow procedures.  Employees are the biggest risk to an organization.  What makes it even more challenging is that threats are caused by a number of things, not just malware.  Another culprit is weak passwords.  Weak passwords are easy for cyber criminals to guess or crack.  Most IT professionals can probably remember a situation when the password for some computer application was something like “password” or “password1”.  Another common example IT professionals run across is a password that is emailed around the company so often and with such little regard that it is like they were sending around a recipe for banana pudding. 
Cyber Security

How to Mitigate Cyber Security Risks to Business:

On a nearly weekly basis, there are breaches of well-known organizations.  Many of these organizations have all the resources in the world, so it is not easy to protect against all threats.  Criminals are finding more unique ways to comprise businesses and individuals.  Most of us have probably received an email or other notification from a vendor stating that there was a data breach and some personal information may have been compromised.  Some businesses seem to be adopting the mindset,  “we will do everything possible to protect against threats.  However, nothing is 100%. So if on rare occasions we are compromised, we will make sure the impact is minimal”.  Nevertheless, companies can take a number of actions to greatly reduce the chances that a breach will occur and if it does occur, to minimize the impact.   One of the most promising things is that these actions can be implemented by small businesses as well as large ones. 

  • Implement a layered security approach – No single security solution is enough to protect against all cyber threats.  Businesses should adopt a defense in depth approach.  Businesses should implement a layered security approach that includes a variety of controls, such as firewalls, intrusion detection systems, data encryption, and continuous training of employees.  In addition, a company should have a robust email filtering system to remove suspicious emails.  Finally, organizations should be using multi-factor authentication (MFA). 
  • Educate employees – Employees are often or dare I say usually the weakest link in the security chain. It is important to educate employees on cyber security best practices, such as how to identify and avoid phishing attacks or instructing them on what a strong password looks like.  Businesses should require their employees to change their passwords regularly.  It is also important to implement security controls to restrict access to sensitive data.  Monitor employee activity for suspicious behavior. Conduct regular background checks on employees and contractors.  Remember that unintentional insider threats may accidentally expose data or compromise systems due to negligence or lack of training.  Finally, being aware of social media posts from employees that may show changes in behavior or signs of being disgruntled. 
  • Patch Software – Software vendors regularly release security patches to address known vulnerabilities. It is important to keep all software up to date with the latest security patches.  This often is done well when it comes to patching operating systems but it is also important to do so with vendor software.
  • Cyber-security plan –  In the event of a cyber-attack, it is important to have a plan in place so that you can quickly restore your computer systems and data. Everyone should know exactly what to do including how possible breaches should be reported to mitigate the damage as quickly as possible.  The faster companies can recognize and begin to address the threat, the less of an impact it will have.
  • Backup Plan – Implement a comprehensive backup and recovery plan. Regular backups and ensuring a quick restore capability. One thing that many fall short of is actually testing backup created.  It is important to conduct simulated ransomware exercises to test backup and restore capability and response strategies.
  • Supplier Security Checks – Conducting thorough security assessments of suppliers and third-party vendors. Require suppliers and partners to meet certain security standards. Monitor the supply chain for suspicious activity.  Remember to monitor supplier and contractors’ access to systems.
  • Secure Data – It is important to implement security measures to protect data from unauthorized access.  Encrypt all sensitive data.  Regularly monitor systems and networks for suspicious activity. 



In closing, Cybersecurity risks are a serious threat to businesses of all sizes. By being aware of the key risks, taking steps to mitigate them and remaining proactive, businesses can protect themselves from costly and disruptive breaches

Subscribe to our newsletter!

* indicates required

Cyber Security