Small and medium businesses have all but ignored cyber-security and risks associated with lax network security practices for far too long. Business leaders often have backgrounds and at least a smattering of understanding in the legal, insurance, accounting, operations, human resources, and/or marketing aspects of their business which allows them to make informed decisions in those areas, however, when it come IT security, but too few in the decision making circles of small businesses truly understand the landscape of threats, odds or consequences in order to make informed decisions as to their exposure to cyber risk or the costs that would be required to mitigate those risks.
In other important aspects of your business, things get verified and protected by highly trained and certified professionals. You have an accountant check your books and file your taxes. You do this because you know a small mistake there could end up costing you huge down the road. You do the same with your legal needs, you don't pretend to be a lawyer and draft your own legal documents, or represent your business in a legal proceeding. So, why then do so many business leaders feel compelled to all but ignore or try to inform their own cyber-security defenses?
So, step one then, is get yourself an audit from a highly trained and certified cyber-security expert. Most people can see the wisdom in the old adage, an ounce of prevention equals a pound of cure. This holds true in healthcare, as well as cyber-security. Your network analysis will undoubtedly generate some security related recommendations that will inevitably be less costly to implement before your systems become infected or compromised than it would be to try to recover from such an event after the fact.
In our next segment, we'll dive deeper into some cyber-crime statistics, as well as some all too common intrusion scenarios that can be truly crippling, even for companies that don't have 'valuable' data, as well as how easy and inexpensive many of the inoculations can be.