Imagine a time when you didn't have to hear -- ever again -- the words cybersecurity, breach, or you're at risk. These all-too-familiar words have become part of our daily stories. Unfortunately, they aren't going away.
Risk exposure is the currency we trade for convenience and access to instant everything.
There is so much information, so many experts, and only so many hours in your day to make sound security decisions. And sometimes this means incomplete facts and flawed assumptions.
We love to hear both questions and confident assumptions. It's an opportunity to fill in the blanks, eliminate costly confusion, and share with you what we're continually learning.
Here are three actual conversations we've had recently that you might find helpful.
1. Our employees don't download anything so we're not concerned about malware.
This statement came from a company that, not long after saying this, suffered a serious internal data breach.
There was a time when you were told by the tech folks never to download anything from an unknown website. That's where malware and viruses come from, they said. While this is still valid advice, website downloads are only one very small part of the malware scene.
There is a long list of malware sources that you are continuously exposed to such as:
2. When I enter an incorrect password a certain number of times, I get locked out. Why doesn't the same thing happen to a hacker?
That's a great question. When my neighbor Robert asked me this last week, it reminded me how we all use what we know and our personal experience to draw conclusions.
I explained to Robert that hackers don't necessarily log in to an account the way you do. Instead, they are continuously scanning networks, Wi-Fi connections, devices, and more, looking for an unsecured opening. These unprotected backdoors are low-level settings that most of us aren't even aware of. That's what hackers are counting on.
And yes, responsible password management is still absolutely essential. Cracking and harvesting passwords are lucrative child's play for hackers. Your compromised passwords make their way to the dark web and are quickly sold. By the time you discover your passwords have been compromised, the damage has been done.
3. I check the company's bank account often so I know we haven't been hacked.
This statement stopped me in my tracks. It was another startling reminder of how easy it is to leap to risky, flawed conclusions without the right information.
Hackers don't simply log in to your bank account and write themselves a check. The payday they are looking for is the much more lucrative ransomware check they will demand you write. This comes months after they have quietly been sweeping your network and devices for your valuable data.
Seemingly random pieces of data lead to breaches that extend far beyond your immediate device or company network. As we've shared in the past, we all have an obligation to protect not only our internal data but also the data our clients trust us with.
Takeaway
There's no doubt that security awareness feels tiresome and overdone. Just think of security as a responsible habit like locking your front door, eating your vegetables, and looking both ways before you cross the street.
is a lifelong curious learner who believes a knowledge-first approach builds valuable client relationships.
She is fueled by discovering the unexpected connections among technology, data, information, people and process. For more than four decades, Linda and Quest Technology Group have been their clients' trusted advisor and strategic partner.
Linda believes that lasting value and trust are created through continuously listening, sharing knowledge freely, and delivering more than their clients even know they need.
As the CIO of their first startup client said, "The value that Quest brings to Cotton States is far greater than the software they develop."