Is Any Company Safe From Cyber-Crime These Days?
It’s not just Democrats or Donald Trump who need to worry about cyber-criminals from Russia; your organization and its customers are likely at risk.
Cyber-security is an issue that’s not going away any time soon, according to Israeli technology and cyber-security expert Saar Cohn.
Last October, huge sites like Twitter, Netflix and Spotify went down thanks to a massive cyber attack on domain provider Dyn. According to an article in Fast Company, attackers were easily able to take over tens of thousands of poorly secured home and small-office devices to mount the attack.
We all know cyber attacks are a risk, and that we should be doing more to protect the security of our own information and that of our customers. And yet…
Few Companies Are Protecting Their Data Well
In a recent episode of the Frank Reactions Podcast on Customer Experience, I interviewed cyber-security expert Saar Cohn. He’s worked for huge international organizations like L’Oréal and Israel’s Defense Department.
One of the most famous stories in the field of cyber-security and cyber-crime involved the U.S. retail chain Target. Hackers managed to steal 40 million credit card numbers. In the shady world of cyber criminals, every card is worth on average $6. Potentially the hackers gained around $240 million.
But Cohn says that’s small change compared to the overall damage they did to Target, which is estimated to be in the billions of dollars. It includes customer claims, a crash of share value, and resignations of senior management.
The Target breach was a turning point in how cyber-crime was perceived. Until then, it was the problem of the folks in the corner taking care of IT. Now more people understand that it’s a problem of the CEO and the Board of Directors, and they’ve got to take it seriously.
“You need to acknowledge that you are going to be breached or that you’ve already been breached and don’t know about it.”
It’s only a matter of time, says Cohn. And passwords aren’t enough to save you (or your customers).
So how can you minimize the risks, and the damage if you do get hacked?
Tips for Preventing a Cyber Attack
1. Decide what is most critical to your operation.
What would kill your business if it went down? What would be almost impossible to recover from?
You can’t effectively protect everything, so focus on the mission-critical parts of what you do.
2. Don’t be overly pressured by the cyber-security vendors.
They make their living by scaring the living daylights out of all of us. In fact, if you buy too much security software and hardware, you can end up lowering your security!
If you are screening everything, there’s so much “noise” in the data that you either get paralyzed or start turning the warning systems off to shut them up. The result? There’s no “noise” and you think everything’s OK when it isn’t.
3. Train your staff on cyber safety.
It’s a lot easier to fool humans than machines. Most cyber attacks succeed because of human weaknesses, such as wanting to help a stranger on the phone who seems to know what they are talking about, or being tempted to click on a link in an email when you really shouldn’t, or using default passwords like “admin”.
4. Keep your software up-to-date.
As annoying as it is to have to keep updating, it is necessary. Cyber-criminals are finding loopholes to exploit as fast as software makers can fix them. You must not fall behind.
Of course, you also have to teach yourself and your staff how to know the difference between a legitimate software update and one that’s just pretending to be.
5. Use strong passwords.
In our interview, Cohn said passwords are basically useless, but only in the sense that a determined criminal can get past them. Just as locking the door of your house makes you a less likely victim of a break-in, using a strong password will deter attackers looking for an easy hit.
6. Be careful about what you put online, in email or in other electronic files.
As Cohn puts it, “If you don’t want something to be on the front page of a newspaper, don’t put it in your email.”
What To Do If You Do Suffer a Cyber Attack?
Have a plan in advance for how you’ll deal with it.
The same sort of crisis management we’ve discussed in other episodes of the Frank Reactions podcast applies here too. The key to a good response is being able to move quickly, and that’s hard to do if you haven’t planned.
It’s going to feel awful to have to tell your customers that their privacy has been breached. But stalling or trying to hide it will only make things worse.
Far better to admit it quickly, apologize, and tell them how you plan to fix the problem.
Don’t punish your staff.
This may be the hardest one of all. But if people are afraid they’ll be punished, or even fired, they’ll do everything they can to hide their mistake.
If they do:
a) it will take you longer to discover, so more damage will have been done in the meantime,
b) they may do further damage while trying to cover their tracks, and
c) if they do manage to hide it, the organization won’t learn from the mistakes that were made.
In the aviation industry they decided decades ago that they had to stop punishing staff for mistakes. In fact they even set up a system to encourage reporting of near-misses, so the whole industry could learn from them. As a result, accident rates went way down. The same effect has been shown in health care when it’s been tried.
So, cyber attacks are now a part of life. You’ve got to accept that reality, prepare for it, and know how to both minimize the risk and act swiftly if and when it does happen to your organization.
Increasingly, customers are going to be looking at how companies handle cyber-security when they decide where to buy.