Our company graciously provides first-class health coverage to team members and their families. One aspect of our health plan is the opportunity for each member to have an annual checkup. As I have gotten older (and wiser, I hope), I have taken advantage of this perk in hopes of getting an early jump on something that could impact my physical health, ability to work, and ability to provide for my family. Common sense, right? But what the heck does this have to do with cyber security?
Recently, I received an urgent call from one of our customers who found hackers had been in their network environment for weeks and most likely months before they became aware. Over the years we have been discussing the importance of conducting regular IT Security Health Checks both internally and at least once a year by engaging a third-party professional firm. The response was either (1) we just don’t have the time, (2) we don’t have the money or, my favorite, (3) we haven’t been breached yet.
Well, now that they had been breached, no excuses remained, and they quickly spent over $1M in the first 60 days after the breach was identified just figuring out what went wrong.
A lot of organizations seem to take the “I’ll wait until something happens” approach. This is similar to the approach of “I’ll buy life insurance to protect my family after I have died.” While I admire your intent to protect your family and save a little money, your implementation ignores the inevitable and in the end does not protect those who are most valuable.
Had our customer made a relatively small annual investment in time and money, they could have prevented the issue that, even today, is still having ramifications for their business operations, revenue, and profitability.
Data security is not a one-time thing. A little bit of doing the right thing today can prevent a big thing from occurring later on.
Do you need to lose some weight? Oh, sure, some people hate to equate anything to weight loss, but others are really into it. So they have set times to weigh and monitor any changes to their health statistics. They watch what they eat, monitoring activity and any errant cheese puff or cream-filled donut that might breach the system. And they exercise, establishing preventive measures that ward off negative outcomes from chips-and-salsa attacks. Yes, these happen. It’s just not as bad as it could be.
By doing the little things today with their health, the weight-minded may prevent a big problem going forward. The same is true with your data security.
So whether you’re trying to prevent having to buy a bigger belt or simply wanting to protect the data that is essential to the operations of your company, an ounce of prevention is still worth a pound of cure.
There are several options on the market for performing a regular health check on your IT network. They can range from as little as $1,200 to several hundred thousand dollars per year.
A $1,200 price tag sounds like a drop in the bucket when you compare it to the expense of a $100,000 or $1 million post-breach remediation effort.
So, what are you doing about your IT Health Check Up this year? An ounce of prevention may save you a pound of pain down the road. Call us today to talk about how our professionals can help you.