by Tony Rushin
“No locale, no industry or organization is bulletproof when it comes to the compromise of data.” This alarming statement from Verizon’s 2016 Data Breach Investigations Report is scary, but absolutely true. People often think that their firm won’t be a target, but every firm – no matter how small – is at risk from cybercrime. The costs of this kind of crime are growing rapidly; Juniper Research estimates that the worldwide cost stemming from incidents of data breach will be $2.1 trillion by 2019. That’s not a typo: 2.1 trillion dollars.
The global numbers are staggering and with numbers this large, it is worth taking a serious look at how cyber security risks could affect your firm. Cybercrimes take many forms, including targeted attacks, malware and ransomware that steal your data and return it only after a substantial payment, if at all. Smaller companies and small or mid-sized law firms are increasingly the focus of such attacks. In part, that’s because they are seen as softer targets, with less rigorous security in place. These organizations also hold the potential to give criminals access to information they can use to exploit or embarrass high-profile individuals, or obtain and profit from advance information about business deals.
How can small and mid-sized firms afford to secure their data when companies with deep pockets, like Target, Sony and other large enterprises, are unable to prevent hacks? It’s true that some information security technologies are pricey, but most data breaches come from the biggest security hole in any organization: its people, not its technology. Although investing in better technology might be part of the solution, many of the prevention strategies available to firms revolve around training team members, ensuring they know what to do, and having leaders who focus on creating, implementing and enforcing good policies.
Here are four keys to reducing your firm’s cyber security risks:
- Strong leadership that is security-driven
- Put the right policies in place – then train & enforce
- Technology for prevention: take a layered approach
- Technology for detection: know when an issue happens
There’s a fine line between paranoia and maintaining a responsible, proactive attitude towards cyber security. When it comes to data security, it pays to err on the side of paranoia. With cybercrime rampant and rising, every firm needs to recognize that it can and most likely will happen to them. When it does, will your firm be utterly devastated or merely inconvenienced? To ensure the latter outcome, you must do everything possible to reduce the risks associated with data breaches and other cybercrimes. From establishing a wrap-around security policy and training all team members to using the best technology tools and securing expert help, every step you take to minimize risk in this area is an effort you’ll be glad you made on the inevitable day when your security is put to the test.