We recently did a piece in Arkansas Money & Politics on red flags in how companies handle their cybersecurity programs. We regularly meet with companies about their cyber risk, and they come to us with varying combinations of preconceptions, implemented tools, internal expertise, and willingness to change. You may think we just come in and throw a bunch of tools together for our clients, but often our main task is to educate.
Companies focus on cybersecurity for a few reasons:
- They have a regulatory compliance requirement.
- A client or partner requires it.
- A decision maker genuinely desires to protect their clients, employees, trade secrets, and other sensitive information.
One thing that business owners and decision makers often get wrong is trying to take this all on themselves. We've seen so many companies without a single IT- or security-knowledgeable person trying to bang out a cyber risk program all on their own.
This is partially our fault in the tech industry. For decades now "we've" been advertising IT (and more recently, cybersecurity) as something "so easy a cave man could do it." That's not really us, though. It's the marketers and salespeople at these giant, profit-hungry corporations.
Common Cybersecurity Red Flags
Some of the most common mistakes we see are:
- Focusing on the tools rather than the overall program. The tools are only a small fraction of the program. The structure is more important for broad coverage and cost effectiveness. Also, you'll go out of business just buying tool after tool. Cybersecurity software isn't priced for small businesses.
- Misunderstanding a security requirement or control. Most business owners haven't worked across every compliance requirement on Earth, nor have they assessed compliance in hundreds of businesses and organizations. We have. We know what they mean.
- Not considering the added workload of building a program. We know what it takes and we take a majority of that work off your shoulders. We'll keep you involved where necessary, but we do the brunt of the work for you.
- Not considering the impact to your staff and operations. We can build your program as fast or as slow as necessary to minimize impact on your business. Some businesses can handle it (and need it) right now; others need to slow-roll it to ensure it doesn't affect production.
- Thinking that security is an on/off proposition. It's not. Cyber risk management is more of a dimmer switch. We help you find the right mix of risk and convenience to meet your needs and reduce your anxiety.
Those of us who are truly in the know, know that professionals exist for a reason. You don't cut your own hair, fill your own cavities, or represent yourself in court (at least we hope you wouldn't!). So why would you try to do something so highly complex with regulatory, psychological, and technical aspects to it?
If we aren't already on your team, give us a call. We'd love to chat.
