Why is it so Hard to be Secure?


Does your company have trouble with users following your managed service provider’s best security practices and industry standards? If you answered yes, you’re not alone! In fact, 95% of breached records came from only three industries in 2016: government, retail and, alarmingly, technology! There’s also a hacker attack every 39 seconds according to the University of Maryland, and 43% of cyber attacks target small businesses. Surely you know of someone who has faced the repercussions of a crypto attack, paying the ransom or restoring their files? It’s become almost common practice, and that’s a sad feeling. What’s even scarier is that the predicted average cost of a data breach will exceed $150 million by 2020!

So with all this statistical knowledge, why then is it so hard to be secure?! One would think you’d tighten up the reins of your network like Fort Knox! Why then do we allow our employees to use the same passwords over and over, or to pick them from the most commonly guessed passwords? Why do we allow access to ALL the shared folders, and why aren’t we doing more to protect our networks with business-class security appliances or taking anti-virus and anti-malware programs more seriously?

I’ve been in this industry for over ten years and can tell you, a sticky note under your keyboard with the password to a program that houses customer data is not secure, nor are sticky hints leading you to the password. Cursing Windows updates instead of making them part of your daily or weekly regimen is the wrong attitude to have, and not knowing the difference between a weird phishing email and one that is legit will eventually land you right in the statistic bucket of just another data breach.

Listen, breaches are not “just a part of your business” and you shouldn’t “just get used to them” and let the bad guys win. Stolen records lead to companies going out of business and subpoenas from angry customers. It’s great to have cyber insurance, but wouldn’t you rather never have to rely on it? Being secure is easy: perhaps tough to roll out, but nevertheless simple in nature once you have the know-how.

Ask yourself these questions, and if you answer no to any of them, it’s time to start getting serious about security and protecting your business.

  1. Are your employees trained in cyber security and do you test their knowledge?
  2. Do you have a computer use policy in place?
  3. Do you have a security policy in place?
  4. Does your company use a business grade firewall?
  5. Are you using DNS protection?
  6. Do you have a fully licensed and working Anti-Virus program installed on ALL of your computers?
  7. Do you limit Domain or Admin access to your users’ domain and/or local accounts?
  8. Do you force your users to change their passwords often and use something other than password123?
  9. Are your computers more than 5 years old with outdated operating systems?
  10. When was the last time you ran Windows updates?

This information probably feels overwhelming, and that’s natural, but it’s not overwhelming for me or my team as we live and breathe it every day!

So why is it so hard to be secure? Probably because you just don’t care.