The Data Security Myth
Data Security is a constant hot topic in many of my day to day conversations with technology and business leaders, "We don’t want to be the next company name spread across the business pages because of a data leak", they say. The potential impact of data loss, to you personally and to your business, is significant, so surely we are all taking all the steps we can to protect our most critical asset, our data, aren’t we?
But if we all where, I wouldn’t be writing a post called "The Data Security Myth" would I!?
At the minute we are delivering free educational events for local businesses in both Liverpool and Manchester to share tips on how to ensure we protect our data the best we can, you’d think we wouldn’t still need to be doing this kind of education wouldn’t you?, what with the constant reminder of cyber threats and the regular high profile data breaches that make the news. But of course the threat evolves, even for the most security conscious of businesses, this constantly changing landscape is a real challenge. But the biggest challenge is, amazing as it seems, not all businesses necessarily take the data security threat as seriously as they should.
I saw this great infographic on LinkedIn last week (apologies if you posted it and I’ve pinched it, I didn’t make a note of the source, so thanks for posting it if it was you!) and one thing in particular, stood out “70% of cyber crime is preventable”, which begs a question doesn’t it, if 70% of these issues could have been prevented, why on earth weren’t they?
It’s a good question and from experience the answer tends to fall roughly into one of three categories and it is these three that are often the cornerstone of many a “data security myth”;
I’m not a target, no one is interested in my data
Data security is just too hard
But I don’t know where to start
It’s that first one that is perhaps the most dangerous and popular of the myths, why so? I hear you ask.
The view that you’re not a target, allows the other two issues to be easier excuses to accept for not protecting your data assets, for example, you may feel data security is too hard and if your view is, the risk is so small as no one is interested in me, then it becomes convenient not to really bother overcoming those perceived difficulties.
Let’s have a look at this myth and….
Why you should consider yourself a target?
Maybe you’re unlucky
You indeed may not be a specific target, but you don’t have to be…
“I’m not a target” is a popular refrain for many, especially smaller companies and potentially those who don’t see their use of technology as key, but for many of us we realise the problem with that statement, we are all potential targets for cyber crime because of the varied nature of the threat.
You indeed may not be a specific target, but you don’t have to be, malware and viruses are still a huge threat, these kind of “drive-by” attacks are still very commonplace, from the annoying through to the potentially expensive and business threatening ransomware type attacks.
These attacks are often random in nature and it is this that puts us all potentially at risk.
What about the threat to your customers?
Another issue to consider is that maybe you are not the end target,a cyber criminal doesn’t have to be interested in you, what about your customers?
Who do you work with that may be a much higher profile target?
Let me give you an example, there is a legal firm I’m working with to help develop their data security polices, they are the definition of a small business in size, however, they are very good at what they do and they work with some of the largest and well known businesses in the world. Because of this, they are also very sharp around their security requirements, they cannot afford to be casual in their data security approach, because they know, if they are impacted by a cyber incident, this potentially exposes their customers and if that happens, just once, it potentially destroys their business over night.
One day your customers may just demand it
The other side of the above example is that your customers aren’t stupid and not unaware of the data security threats that are out there. We are increasingly seeing customer driven pressure forcing many businesses to review and take more seriously the data security threat, or at least to do that if they want to retain their customers.
This supply chain driven approach, demanding tighter security from suppliers, is fully understandable. You don’t want to put lots of time, effort and financial investment into your data security and then let one of your suppliers drive a bus right through the middle of your carefully honed data security systems.
That’s just a handful of the reasons that, if you started reading this thinking, “I’m not really at risk”, they will hopefully make you re-evaluate the cyber risk presented to your business. Once you’ve done that, hopefully, those other myths we listed become issues that are now key to overcome. The good news is that, in reality, taking the right steps to protect your data and your critical business assets is not too hard (have a read here how Microsoft Cloud is making data leak prevention easier for customers) and there’s plenty of great advice out there to help you get started.
If this post has got you thinking and you still want to learn more about how to overcome some of the data security myths and challenges out there and are in the Liverpool or Manchester area, please feel free to join us at our upcoming events. If that doesn’t work for you, as always you can contact me in any of the normal ways, via the BLOG site, Twitter or LinkedIn and I’ll be more than happy to chat.