Cybersecurity is not a thing you buy, like a firewall or the latest anti-virus package.
Although, you do need these things.
And, cybersecurity is not a project with a specific end date, like your PCI, HIPAA or other compliance deadlines.
Although, you need to achieve compliance, too.
Cybersecurity is a Journey
We all need to adopt the mindset that cybersecurity is not something you buy—it’s what you do, every day.
Cybersecurity isn’t a destination or a thing you purchase. It’s how you travel to the places you want to go: More customers, bigger profits, etc.
Think of it this way: No one uses a money belt because it makes a fashion statement.
You get one because you’re about to go into dangerous territory and you don’t want to lose your passport and cash. And you avoid digging into it in a public place because you don’t want pick-pockets to know.
How Dangerous is Your Journey?
Look at these guys hanging off this train:
Notice most of them are smiling or wearing very confident expressions. Just like these guys, most executives don’t realize how dangerous their cybersecurity journey really is!
I’ll bet a lot of these guys could afford a safer seat inside one of the carriages if they could reserve one.
What about your company? Are you taking excessive amounts of cyber risk? Should you be sitting inside one of the train cars? It doesn’t have to be a first-class seat.
Maybe a coach class seat is good enough.
We’re Really Talking About Cyber Hygiene
The germ theory of disease makes a good analogy for cybersecurity.
Until about 200 years ago, we didn’t know that germs are what caused diseases like Cholera.
And today, people seem to be unaware of what allows cyber criminals to get into their computers or their data.
In short, we need to do a much better job of washing our digital hands.
Several times each day.
What Is Good Cyber Hygiene?
There are many aspects. At home, it includes:
- Installing the latest security patches
- Using long, complex passwords
- Not using the same password on multiple websites
- Turning on two-factor authentication everywhere you can
And, at work, it also means:
- Knowing your top risks and managing each of them
- Staying up-to-date with the latest cyber risks to your industry
- Having a response plan for major cyber incidents and practicing that plan three or four times each year
- Buying cyber insurance
- Having strong indemnity language in your contracts
Just doing these things will make it much more likely you’ll get to where you’re going.
Cyber Risk Opportunities helps make the cyber journies of middle market companies safer by prioritizing and reducing your top cyber risks, including the specific requirements of PCI, HIPAA, SOC2, ISO 27001, DFARS, and more.
Get in touch today to learn more and take advantage of a free 30-minute Q&A session with one of our cyber risk experts. Call 253-332-7867, or email us at firstname.lastname@example.org.