National Cybersecurity Month: Protect Your Assets
It’s National Cybersecurity Month. You’d hardly know this momentous occasion was coming: in September of 2017, we kept waking up to headlines about hacks at major outfits such as Equifax, Deloitte, and the SEC.
All these entities “should know better.” They probably had layers and layers of plans in place. Their plans probably aimed at security for the benefit of their third-party constituents. They see the same headlines we all see, their lawyers tell them “you should do this so you don’t face angry consumers.” Their planning focused on liability avoidance.
Cyber planning IS important. The reality for most companies, though, is that the real value of planning is that it allows you to protect your own assets. Most companies will never be the subject of worldwide headlines and consumer class-action suits about a hack of their networks. Hackers routinely penetrate the networks of companies large and small, but the true danger for most companies is not a loss of consumer data. It’s that their own assets may take a hit.
Paying attention to cyber matters will be increasingly important as these major players continue to take very-public hits: it gets harder and harder for even small companies to say, “I never thought it could happen to me.” But the resources directed to information security planning don’t have to be all about network penetration and bells and whistles. They don’t have to be fancy and only capable of implementation with a huge legal, IT and risk management staff. A lot of problems can be avoided by simple process tweaks and employee awareness and training.
Consider the company customer records: they may not have any “personally identifiable information” in them, the loss of which drives the massive breach headlines we now see so routinely. But they probably contain pricing, discount information, volume and tiering plans, sales cycle data, and other material that would make you vulnerable if it got leaked.
Now consider that information in an Excel spreadsheet, not protected by encryption, role-based access, or even a password. How easy would it be for someone to email that outside the company, whether accidentally or on purpose?
Think it doesn’t happen? It does. I’ve had multiple clients face some variant of this spreadsheet email in the last three years. It’s disruptive, it’s expensive, it’s embarrassing, and it’s got the potential to lead to liability. Most importantly, it’s compromising your “secret sauce.” Why wouldn’t you spend some time on planning and training and shoring up a few easy practices to prevent this kind of event?
If you are a small company looking to grow, and looking for a buyer, having your assets protected is important to your value: that’s why you’ve registered your intellectual property, for instance, and put contracts in place to protect it. If you are a company at scale, protecting your assets is about investing in your stable returns.
None of this is expensive or scary or overly “techy.” It’s just good business sense.
- Data Privacy
- Data Security
- Government Investigations
- Limited Government
- FAST Act
- JOBS Act
- Public Policy
- Intellectual Property
- Social Media
- Employment Issues
- Non-Profit Organizations
- Due Process
- Political Philosophy
- Risk Avoidance
- Risk Management
- Regulation A+
- Renewable Energy Around the Web
- In-House Counsel
- Mergers and Acquisitions
- Real Estate