Why Business Owners Need to Be Open About Cybersecurity
Openness about cybersecurity issues has become essential. The more people talk about cybersecurity, the more alertness will be present. But, unfortunately, many business owners do not share the actual dangers and challenges that cybercrime poses to their businesses and employees. This article will show you why you need to be more open about cybersecurity, whether you’re a small business owner or a large one.
Why Being Open About Cybersecurity Matters
You may not understand why openness about cybersecurity matters. For many business owners, it makes more sense to keep cybersecurity struggles as quiet as possible. The logic goes that keeping your challenges a secret makes it harder for hackers to breach your security in the future.
The truth is that sharing challenges that your business faces can be beneficial. Being open about your cybersecurity challenges makes it much easier for others to do the same. On top of that, it can shift the tone of cybersecurity conversations, making it easier for employees to talk about and remain more vigilant in the future.
Part of the reason that this works is related to how we treat conversations on cybersecurity currently. In many cases, the blame for cybersecurity failings is aimed at human error. When it comes to phishing, it’s typical for experts to warn employees not to make ‘simple mistakes.’ This shifts the blame to employees and makes it seem like they’re entirely at fault in the event of a breach.
Truthfully, social engineering can be incredibly sophisticated and can work against almost anyone. However, when we make it sound like the fault is only with the victim, it makes victims less likely to discuss these dangers.
An Example of Openness About Cybersecurity
Rutledge Daugette – CEO at Techraptor/COO at OpenCritic
Rutledge Daugette is the CEO of gaming news site Techraptor and the COO of reviews aggregator OpenCritic. In managing his two successful websites, Rutledge has become a target for several types of cybercriminals. Recently, he shared some of his struggles with cybersecurity via his Linkedin page, prompting a positive response from the community.
Hackers appear to have sent Mr. Daugette a phishing attempt in the form of an email. The hacker sent an email posing as an automated message from Cloudflare, a website protection and security company. Knowing that the target ran several websites, the hacker chose their method of attack very carefully. Mr. Daugette even admitted that the hackers chose well, as Cloudflare is the backbone of his business.
After he made the original post, members of the community shared their positive response to his openness on cybersecurity issues. For example, Kevin Ransdell, a financial systems manager, said:
“I love when senior executives talk about the challenges THEY have with security. It takes something for a lot of employees that seems like “Don’t do the obvious stupid thing” to “We’re under attack and this is hard.”
That change in tone alone makes it easier to talk about security and makes people more vigilant.”
A Word from Rutledge Daugette
We spoke to Mr. Duagette about why he thinks empowering employees in cybersecurity is important and what business owners can do about it.
“The greatest tool any company can have in order to protect itself, is knowledge and training for its staff… 10 years ago, the greatest fear was malware and viruses, but today social engineering attacks are the #1 thing that IT firms are seeing. If you provide your team the tools for success, such as MFA and regular training and testing – you reduce the likelyhood that your people can fall victim to these increasingly complex and targeted attempts to access company (or personal) data. Whether you subscribe to training or not, talking with your team about these cyber threats and implementing effective policy, such as requiring a phone call for any financial-based e-mail requests, may save your company a lot of time and money.”
As well as running several successful websites, Mr. Daugette also works in the cybersecurity industry. He works as a Technical Account Manager for GadellNet, where he deals with cybersecurity concerns daily.
How to Be More Open about Cybersecurity
One of the guiding principles of good cybersecurity is controlling the amount of data you leave online. At first, it may seem like this principle works against openness in cybersecurity matters. After all, if you’re supposed to limit what you share, why would you share how you’re vulnerable?
The way around this is to learn to share data in a way that works for your security, instead of against it. In the example above, the only information revealed is that a phishing attempt was made and failed. Rutledge covered all of his data, ensuring only the vital information was publically available.
If you want to be more open about cybersecurity, share with your employees or social media when a vulnerability is closed or when you rebuff a social engineering attempt. Cover all of your personal information before posting, and you’ll end up with a post that acts as a warning for others.
When you share a closed vulnerability or failed phishing attempt, you’re both aiding others against those same attacks and potentially reducing the number of those attacks that happen in the future. Solo hackers tend to be opportunists. When they see that a method won’t work against you, they’re prone to moving to another group or target. Cybercrime is an arms race, and sharing how to beat techniques is a big part of winning that race.
Featured image by ESB Professional from Shutterstock.com