Cybersecurity: Are You Protected or Just Proud?
June 26, 2018 by Bill Rosenthal


When was the last time you considered reviewing your company’s current cybersecurity strategy and plans? If you haven’t thought about it in a while, chances are that you are at risk.

In this ever-evolving threat landscape, your organization cannot afford to sit back, proud or complacent, believing that its current cybersecurity strategy is good enough. Far too many companies believe that once these plans are made, they do not need to be regularly revisited – and this leads to their demise. In reality, this could not be further from the truth, as the cyber landscape continues to change and new threats arise every day.

How do you know if your organization is truly protected or just proud? If any of the statements below sound like your company, you should revisit your strategies.

  • As an organization that has never been hacked, our cybersecurity plans are obviously working and we know where our sensitive data is located. Why should we change anything? – There is no way to guarantee that your data is totally secure against the most current threats without constant updating. There is also no real way to be totally certain that your data has not been compromised in transit, so it must always be monitored.
  • Our firewalls will keep hackers from accessing our data, so we don’t need encryption. Also, if something does happen, our intrusion detection will alert us. – This is a dangerous mindset for organizations to have. Assuming that data breaches can be prevented and handled simply by protecting the security perimeter is outdated and unrealistic. Data breaches are a case of “when,” not “if,” which means that organizations must plan for how they can contain a breach to minimize damage rather than just assuming that they are protected. The average time it takes for a breach to be detected ranges between 120 and 150 days, so relying on intrusion detection technology is also not realistic.
  • We are compliant when it comes to GDPR and other regulations, so our data is secure. – Compliance is very important, but it is not a replacement for an overall security plan that is updated regularly. While complying with these regulations will obviously help your organization avoid the associated financial penalties, it will not help you when you face the massive costs of a breach of sensitive data. Without a proper security plan in place, your organization could face total destruction and financial ruin.
  • We provided our employees with cybersecurity training a few years ago, so we should be protected. – The reality is that as long as threats continue to evolve, your cybersecurity training will have to progress as well. What may have been an effective method for protection a few years ago is probably outdated or ineffective against the more sophisticated threats of today.

The best time to figure out if your cybersecurity plans are updated and working is now – before a cyberattack occurs. To learn how you can keep your employees updated on the latest cyber threats, and how they can recognize and avoid the most common cyber risks with our CyberSAFE™ training program, contact us today!