This content is produced by
MOST POPULAR ON BOSTONGLOBE.COM
Based on what you've read recently, you might be interested in these stories
By Jacqueline Lisk
| October 25, 2019
This article is a part of BG BrandLab’s Cybersecurity Special Report, meant to provide insights about today’s cyberthreats and the steps readers can take—as individuals, employees, and decision-makers—to protect against them.
Before you tell yourself it won’t happen to you or your business, let this sink in: Ransomware will attack a business every 14 seconds by the end of 2019, according to estimates from the research firm Cybersecurity Ventures. These ransomware attacks will cause an estimated $11.5 billion in damage. And that is not even counting ransomware attacks on individuals, which occur even more frequently. Cybersecurity Ventures also predicts that attacks on healthcare organizations will quadruple by 2020. So, what is a business owner or employee to do? Let’s consider some practical tips for making a business more secure.
When cyber experts analyze what went wrong in the wake of an attack, they often discover the victim’s security measures were insufficient, says Taylor Lehmann, chief information security officer (CISO) at athenahealth in Boston and former CISO for Wellforce. He has observed that some organizations got bad or no advice from security experts, invested in the wrong tools or processes, or perhaps did nothing at all.
Lehmann advises business decision-makers to seek advice from independent advisers—not the person who is selling you something. He likens it to buying a used car. You will make a better choice if you get input from the mechanic down the street, not just the salesperson on the lot.
Threats are real and growing, but all the FUD (fear, uncertainty, and doubt) spells “business opportunity” to some, and certain businesses use FUD to market and sell products. This means buyers need to be extra diligent.
When seeking a cybersecurity partner, look for someone who has actually defended an organization—“someone who has looked evil in the eye and understands the mindset of an attacker,” says Lehmann.
“Cybersecurity is not a competitive sport, and it shouldn’t be,” Lehmann explains. If you don’t know what to do, consider the people around you who might. Reach out to other companies in your industry, even competitors, to discuss their approach to security. Smaller companies should not be afraid to connect with larger, more sophisticated organizations. In Lehmann’s experience, most cybersecurity practitioners welcome the opportunity to help others
Backing up data doesn’t prevent an attack—it does mitigate damage in the event of one. Establish a backup system and test it to ensure it is working. Remember, it is not just cybercriminals that could compromise your business. A national disaster, fire, equipment malfunction, or an employee error could also jeopardize business-critical data.
You may not have a budget for the Rolls-Royce of security solutions, but at least invest in the basics. This includes installing and regularly updating antivirus and anti-malware software on all devices; requiring employees to use strong passwords; using two-factor or multi-factor authentication; installing a firewall and ideally, monitoring it; and limiting employee access to business-critical data.
Business leaders assume employees understand cybersecurity best practices, but that is not always the case. Safe digital habits include:
These are just a few tips to get you started. For additional tips, visit https://staysafeonline.org/, and, of course, business owners should seek guidance from a professional.
Sponsored by Studio/B
The biggest cybersecurity risks threatening Boston-area businesses right now
The future of cybersecurity: The good, the bad, and the scary
Defending the vote from threats old and new
Why Boston is a cybersecurity hotbed
How trust endangers your digital privacy
This content was produced by Boston Globe Media's
Studio/B. The news and
editorial departments of The Boston Globe had no role in its production or display.