Want to know what every hacker hopes you believe? “We’re small…nobody wants to hack us.” This is the #1 reason why people (companies) get hacked. They dismiss the importance of IT security because they’re only a “small business.” This is a lazy, irresponsible excuse.
One thing is for certain: NO ONE is immune to cybercrime. In fact, one in five small businesses fall victim to cybercrime and that number grows every year. Plus, half of all cyber-attacks are aimed at small businesses BECAUSE they make themselves low-hanging fruit with sloppy or nonexistent security protocols.
And one more critical point to ponder: If YOU aren’t giving IT security the attention it deserves, how do you think your CLIENTS would feel about that? If for no other reason, you need to do it to protect your clients’ data, even if the only information about them you store is an e-mail address. If YOUR system gets compromised, hackers will now have access to your CLIENTS’ e-mail and can use that for phishing scams and virus-laden spam. I’m sure your clients want you to be a good steward of their information and privacy, so stop lying to yourself and get serious about putting essential security practices in place.
Episode Show Notes:
- In this episode we talk about an info security magazine article on a study. The study shows that 100% of law firms were attacked or targeted between January and March of 2020. [2:30]
- The study talks specifically about how the legal industry is under attack. They make it sound like it is more so than anybody else. [3:40]
- We could do our own study and show that EVERYBODY is under attack 100% of the time.
- 15% of law firms were likely compromised (that’s a lot)
- Nearly HALF of law firms had some other form of suspicious activity on their network.
[5:58] - Problem #1:
- The problem we face in security is that it is just rampant; the attacks are everywhere. They are automated. They are relatively easy to pull off.
- “As a business owner (theoretically say I do not own an IT company or have any experience in IT). Maybe I own a law firm and I am the managing partner of the law firm. Maybe I’m the primary doctor or physician at a local clinic. Maybe I own an accounting firm. I am the guy, I started it, I filed all the paperwork and my specialty is in my craft… How do I prevent a cyber-attack, Joe?”
What to look for in IT support:
- Businesses operate on some pretty slim margins. So, when I’m out looking for tech support and 3 people show up at my door saying hey, we can all do the same thing, how do I choose? [8:20]
Cyber Security is more of a specialty, whereas IT consultants are kind of generalists – think of your family physician.
- “Like Joe said in the beginning, statistics could be made up, could be manipulated, BUT every time I look at the statistics it’s about 20% of businesses get hacked.”
- I’ve seen it a bunch of different ways, but... the reality is, if you play the odds long enough, the real likelihood of some sort of a breach is probably approaching that dreaded 100%.
As a business owner, as a managing partner at a law firm, as the practice manager who is responsible for the clinic: when somebody gets hit, that falls on YOU.
- How do you vet an IT company if you don’t know anything about IT?
- NOTE: If you try to implement this yourself, that is flat stupid. Because you can’t. It is like me trying to do heart surgery myself. Please for the love of god don’t do that.
At [14:57] we go through a basic checklist of what should be happening behind the scenes to protect a company:
- We want to make sure they have a strict policy on the use of company devices.
- Procedures – have a document in place.
- Have some sort of regular training or education for employees on the safest and best practices.
- Ongoing education
- Letting the client know if information has been compromised immediately.
- You SHOULD have an incident response plan for if and WHEN you get hit. What are the proper procedures?
- Constantly updating security and hiring a digital security firm if needed.
- Like we mentioned earlier, if you have an IT guy that’s great, but you NEED a security guy.
- If you were to be compromised: [18:05]
- 1. There should be a policy and
- 2. It should be enforced.
- Quick point about Two Factor Authentication: If your IT guy, if your security guy, isn’t talking to you and beating you up over Two Factor Authentication (2FA), then you probably better find a new one!
- [20:40] – Here is a great litmus test: If you aren’t annoyed as hell at your IT company for all the security stuff and hoops you are jumping through…you better find a different one!
- The stupid answer here is to not be prepared. To not be paying attention to this. To think that you are invulnerable.
- To think that this isn’t going to happen to you is asinine. I mean, 100%.
- It is rare that we can say 100% on anything, but the fact that you are being actively targeted right now is 100%...