Cyber wellbeing is a new set of critical skills and concepts for business owners and managers that many of us are not yet familiar with. Your business’s cyber wellbeing, one of its critical vital signs, is just as important to your business’s health and longevity as your business’s financial wellbeing. This blog post is the first in a series in which we will educate business managers and owners about cyber wellbeing concepts using real-world business examples. We will explore compromises, lessons learned, available technologies, and success stories to help build your understanding of what cyber wellbeing means to your business.
Most of us have weekly reporting dashboards to measure the financial wellbeing of our business. These dashboards show us cash flow, client acquisition numbers, marketing program performance, inventory availability, sales, and many other critical performance metrics. We know that any of these numbers can significantly change the trajectory of our business and that they need constant monitoring. Today, most businesses have no regular reporting or insight into their cyber wellbeing. They have limited visibility into how they are complying with their own policies and security programs. This makes it hard to respond to changing risks that come from operational and technological changes.
A system compromise can have devastating effects on a business. The costs of business disruption, cleanup, legal fees, addressing liability, and insurance claims are just the start of a tsunami of problems. Loss of intellectual property and destruction of credibility can be the death knell for many businesses.
The risks are real and the consequences are dire. The current dynamic is driven by the lawlessness of the Internet, the deep pockets of large corporations and insurance companies, and the lack of oversight of cryptocurrencies. Businesses around the globe are potential targets and attackers face little in the way of consequences as they cash in on insurance claims and collect and move their bounties through traceless cryptocurrencies. Every business needs to up their game and start paying attention to the concepts of cyber wellbeing.
Cyber security and cyber wellbeing should not be looked at as just another cost center. Businesses need to look at these efforts as a key way to increase their value to investors by demonstrating financial viability and business health. They can also be a competitive advantage: many businesses have successfully bolstered their growth strategies by establishing credibility through demonstrated compliance with standards like the NIST Cybersecurity Framework (CSF). Principles of cyber wellbeing are becoming part of business contract requirements and investor due diligence.
We’ve heard many business owners and managers say that the costs of establishing good cyber security are too high. They are right to wonder what the actual risk is, given their small size and relative obscurity.
“Why would someone attack us?”
News headlines are filled with large public companies getting compromised, not small businesses. Evaluating the true risk is made even more difficult because the statistics for small business incidents are not clear. Most businesses that suffer cyber attacks do not make these events public, to avoid embarrassment, liability, and damage to their reputation. There are many fear-mongering “facts,” such as “60% of small businesses close after a breach.” These statistics are frequently repeated during sales calls and marketing campaigns but are unsubstantiated and misleading, making good business choices even harder.
Understanding the true risk to your business is difficult. Many people falsely believe that their cloud providers and SaaS applications have security baked in – that they’ve outsourced their information systems and don’t need to worry about the risk. But we must start thinking about these providers like utilities. Once that electricity or water is in the house, it is up to us to maintain safe living environments. In the home, this is accomplished through protective systems like GFCI outlets, fire detectors, and building codes. Businesses need these same types of systems (or “controls”) including policies, procedures, and protective systems to ensure their computing environments stay safe, too.
Establishing your business’s current risk and understanding your business’s cyber wellbeing starts with a good assessment tool based on standards from NIST, CISA, and AICPA. These assessment tools help you identify and codify the important policies, procedures, and protective tools to wrap around your information systems. Once you understand your cyber wellbeing starting point, you can properly understand your risks and choose appropriate tools to help secure your environments, provide needed visibility, and deliver meaningful and timely reporting.
We would love to hear about your experiences and any questions you may have. Please post your comments and questions below! Armed with a new understanding of cyber wellbeing, together we can help protect and build your business.