Fellow entrepreneurs often ask me if going through a comprehensive security audit is necessary for them, considering that theirs are relatively small, young organizations. Their argument for not conducting such an audit is that hackers will find nothing there of interest. Most information they hold in their emails, or in their online profiles on sites like LinkedIn or Twitter, is pretty benign, these entrepreneurs say.
I get it. The logical belief is that while it may be just as easy -- or easier -- for hackers to go after smaller, less sophisticated outlets, there’s nothing of value that they'll find there. Sensitive information, like bank statements, tax returns, company contacts and employee payroll information, is securely stored by the companies' service providers.
The risk of damages from an attack, if it occurs, is surely minimal.
I disagree. The reality is that all your information is important to someone who can quickly piece together what you see as relatively innocuous. Hackers can then turn this information into something that could do significant harm to you and your company.
We saw this not too long ago when Russian hackers infiltrated the Pentagon email servers. Federal officials quickly noted that none of the agency's secure servers had been penetrated; but the information obtained, while unclassified, still offered valuable insights to the enemy. What's more, the Defense Department spent significant time and money shoring up its security system's vulnerability and analyzing the threat.
Let’s take an example closer to home and apply it to our business world. Say you’re heading out on a trip someplace you’ve visited several times before with family. Certain hotels, restaurants and attractions have become regular stops for you. Many of us (myself included) will want to tell our beloved Facebook friends about it. And, yes -- though this is a “full-on” vacation -- you, like the rest of us, will still stay a bit connected to work because that’s what entrepreneurs do.
This is all fine but should be done with the understanding that almost anyone else will be able to see that information as well. Something north of 1.2 billion active monthly members, 750 million daily users and 945 million mobile users are on social media platforms. So, when you tell your friends where, when and how you are going to your “favorite vacation spot” yet again, that information can be the perfect opportunity for sophisticated networks to uncover patterns in your activities. Those patterns may prove beneficial to parties aiming to spot vulnerable access points where you connect with your laptop to "check in" on things.
Once hackers gain access to your device at those outlets, they will undoubtedly see your conversations with employees, customers and strategic partners. While those conversations may not be of national security importance, they will provide insight into the activities of other individuals in your network, ones who actually do hold secure data.
The point of the illustration is this: Hackers love to obtain all kinds of information, even unclassified data. So, let’s not forget who the enemy is. Contrary to stereotypes, hackers do not live in their mothers' basements staring at a homemade computer all day because they have nothing else to do.
Rather, they have the means to capture a seemingly infinite amount of data in short order and are part of sophisticated, organized global syndicates that are well financed, expertly trained and bent on disrupting -- if not taking down -- governments and corporations around the world.
Given that fact, you might want to reconsider your assumption that your company is "too small" for its information to be of interest to outsiders. Because you may be wrong.