Why Not Take Cybersecurity Seriously?
Our Chief Information and Security Officer, Anthony Cabral, and Trey sat down to have a conversation about taking cybersecurity seriously in a short transcribed call. The conversation has been lightly edited.
Trey: Cybersecurity is no longer an option in today’s world, unfortunately. Security incidents are no longer a question of if but when. The question remains, why not take cybersecurity seriously?
Why not give your clients the best protection:
Anthony: Why not give your clients the best protection you can? That’s one of the big things when talking security, especially for service-based industries, whether it is a law firm, architecture firm, or anything that is service-focused. They have clients and their biggest commodity is client information, plans, and documents. The biggest thing is you want to protect yourself, but you also have an ethical requirement to protect your clients’ information too, right? What do you have in place to give them that protection?
Why not have a plan:
Anthony: Most people don't have a plan, and bad things happen all the time. We can reference natural disasters or car accidents or any number of things, but bad things happen. Create an incident response plan if you don’t already have one. We reference the NIST Cybersecurity Framework as a starting point to build out your plan. Next is to create a disaster recovery plan. What happens in the event of a disaster? Who do you call? Who do you email? What are you communicating to clients? How are you communicating with staff and clients? If you have a plan, cyber insurance, you know who to call and have experts on demand to assist you with that, things go a lot smoother. Why not skip insurance on your home or your car? Why protect your home and car but not your business?
Why not do the simple things first?
Anthony: Doing the simple things right is another good place to start. Have a process and follow the process, train your people, and hold them accountable to follow the processes you have in place. Those are the things you can do that don't cost money but cost time and training. It's not a big capital expense or big operational expense, but from a business owner's perspective, why not spend the extra time, train our people, and hold them accountable? Everybody should be skeptical and should be double-checking before they sign things, send large amounts of money, or open files that they're not expecting. It really is the simple things, and nowadays most people know what they are; there's just no one holding them accountable.
Quick actionable takeaways from this interview:
Have a plan & policies in place such as an incident response plan and a disaster recovery plan
Go through your files and emails and get rid of stuff you no longer need
Take inventory of all your assets so you know what you have to protect
If you need help with cybersecurity, processes or policies Clear Guidance Partners would love to be that resource for you!