As a board director with cybersecurity experience, I always advise a company that no matter what they do the company will be hacked.
Gartner research suggests that 60% of companies that lose their data are not in business after five years and according to the U.S. Cyber Security Alliance, 60 percent of small companies that suffer a cyberattack are out of business within 6 months.
A company must decide the data that they must protect and the data that they want to protect. The cost is usually prohibitive to protect all the company data. Depending on the size of the company, each company will take a different approach. The common denominator is: All companies must have a cybersecurity policy and all employees from the receptionist to the C-Suite executive team must be trained in this policy.
Here are a few questions for management to ponder:
- Do you know what information you need or want to protect?
- Is your data not only archived, but also organized for rapid retrieval?
- What is the relationship between onsite and backups or cloud-managed data?
- Do you have a data security plan and policy?
- Are all employees trained and continue to be trained in this policy?
- What happens if your customer’s data is compromised?
- Do you have the proper in-house staff and outside consultants? (PR, Lawyer, technical personnel in case of attacks)
- Does your company practice what to do if hacked? (like a fire drill)
- Does your company have proper backup procedures?
- How long would it take to get back up and running after being hacked?
- Does your company try to restore its data at least once a year? (This can be done through a simulation.)
Obviously, the better handle you get on all of your data and the systems and people that manage this data, the better off you will be in the event of a cyberattack, data breach, or hardware or software malfunction.
What questions are still unanswered in your company?
For more on preventing cybercrime, read my article: 8 Strategies for Dealing with Cyber Risks
P.S. – Do you need an Outside Director, Advisory Board Member, Trusted Advisor, or Interim CEO? Someone who can help you see your business and your goals through “Fresh Eyes.” Contact me and I will work with you to look at where you want to go and help you find the best way to get there. Sometimes all it takes is someone with a fresh viewpoint, unencumbered by company politics or culture to help find the right solution.