Recent large-scale cyber attacks have revealed just how vulnerable data can be when businesses don’t have the right protections in place. Target’s breach exposed information on 40 million customers, and assaults on Yahoo affected hundreds of millions of accounts. Both are high-profile cases to be sure, but companies of any size are at risk. In fact, more than 40 percent of cyber attacks targeted small businesses in 2015, according to Symantec.
So how can you convince decision-makers that cybersecurity matters? Start with this advice from Dr. Glenn S. Dardick, a cyber forensics consultant and associate professor of cybersecurity at Embry-Riddle Aeronautical University.
Bring Them Up to Speed
Decision-makers need to become generally knowledgeable about security issues. “Many of these decision-makers belong to professional organizations that offer information and continuing education on security issues, relative to their industries and job function,” Dardick says. “You don’t need to know how to program a computer, but you must understand what your responsibility is in securing your cyber infrastructure.”
Focus on Compliance
Because compliance requirements mandate that certain security measures be in place, they can spur action by leadership, Dardick says. For example, 17 CFR §248.30 requires companies to create written policies and procedures to protect customer information. “Compliance becomes a major motivator to get people to do something. If you are legally responsible for people’s data in your system, then you need to take certain actions to secure that data.”
Recognize That You May Already Be Under Attack
Computer criminals, like bank robbers, will scope out vulnerabilities far in advance of the actual theft. “They look for systems that are susceptible, and then they go in and test those systems,” Dardick says. “Most breaches don’t occur when you think they do. You may find out about it today, but in reality the breach started a year ago.”
Offer a Reality Check
Even after an organization has been breached, it can be difficult for decision-makers to accept that changes are needed. Dardick cites a case in which a law firm’s attorney-client privileged documents were compromised. “I had a problem convincing the firm that this was not a random attack,” he says. “People will think that these attacks are happening everywhere, and they were just one of the unlucky ones. Individuals go into denial, assuming that the hackers weren’t attacking the business personally. But they were, and if the organization doesn’t do something, it will happen again. The organization needs to change what they’re doing, adopt good policies and procedures, and secure their system.”
The best way to thwart cyber attacks is to stay a step ahead. The online Master of Science in Cybersecurity Management & Policy at Embry-Riddle is specifically designed to give working professionals the knowledge they need to become leaders in cybersecurity.