By Silka Gonzalez, an EO South Florida member and the President and CEO of Enterprise Risk Management, Inc.
I have a secret to share: I find the concept of disruption, disruptive ideas and trying to be the disruptor (and not the disrupted) extremely fascinating. For as long as I can remember, I’ve thought of “disruption” as a bad thing. It’s not my fault. As a leader in the risk-management industry, my line of business forces me to think that way. Understanding the nature of disruption is critical to sustained success, which is why I want to introduce you to a different kind of disruption that you should keep in mind as you continue to build your business.
The Cost of Disrupting Your Business Your business probably has a website that you depend on, either it sells your products or it serves as a virtual business card. In many ways, your website is intrinsically tied to your brand. As such, you should know that right now, anyone with Internet access can disrupt your business for as low as US$2.99 per month. A hacker group called the Lizard Squad offers “Distributed Denial of Service” attacks (you probably know them better as “DDoS” attacks). The Lizard Squad is infamous for allegedly taking down the Xbox Live and PlayStation Network during Christmas last year.
It’s hard to believe, but for US$2.99—less than the cost of a Starbucks latte—anyone can knock your website offline for 100 seconds. Think about that: A non-functioning website for more than a minute. For eight hours, the price is US$69.99. How much money is eight hours of total website disruption worth to your business? Trivial math will tell you how much it would cost to completely kill a website for a full year. The Lizard Squad accepts payments via PayPal and Bitcoin, making website paralysis possible with just a few clicks. If that’s not enough to make you worry, here’s what should really concern you—these prices will continue to get cheaper.
Hackers are the mother of all disruptors. And this is more than just websites going down. It doesn’t matter if you have the most ground-breaking idea or earth-shattering business model. If your business gets hacked and customer information gets stolen, you’ll get the worst media coverage imaginable— the viral kind. Unless you’re a 100% offline business that has nothing to do with the Internet, you need to change the way you think and run your “connected business.”
Get Your Hands Dirty Think finances and cash flows. If you don’t understand them, you can’t run your business. If you want to stay relatively safe from hackers, you need to understand what your CIO, CISO or IT Director is doing with that money you’re spending. You don’t need to know the make and model of the latest security software or equipment. You only need to understand what different cyber-security threats your business faces and what measures your company is putting in place to combat them. Arm yourself with knowledge. Find resources that interest you—articles, blogs, videos or programs with talks offering insights on how to make good cyber-security decisions for your business. The more you know, the better you can prevent your company from being another cyber-attack victim.
Hack Yourself with Full Force It’s called penetration testing, and you’re probably familiar with the term. But you need to ensure that you hack the living daylights out of your technical infrastructure. After all, that’s what hackers are going to do. You need to test everything that’s connected to a network—even the printers and security cameras. There’s one other test that organizations rarely perform: a Data Breach Health Check. It involves testing all of your networks and devices to make sure that nothing’s been hacked yet. Ideally, you should perform this test every quarter.
Cover Your Bases Know what you need to do if you have a data breach in your business. While bad publicity is something you’ll still have to handle, it is wise to have your legal obligations out of the way. In cases where customer information has been compromised, you’ll need to formally notify the customers involved and the governing legal entities. If you plan to notify only some customers, then you need to be able to prove that you’ve performed a formal, unbiased investigation into the breach, which established that only these customers were affected while others were not.
Train Your Workforce They’re bored and aren’t interested in the details. They have enough on their plates, so security is the last thing on their minds. That’s all the more reason why it’s important to engage them with unique ideas and educate them regarding the ins and outs of cyber-security. Ask your training team to come up with interesting videos, newsletters and seminars with tips on how to protect themselves and their families online. Security is an attitude—if they learn to protect their own information, they’ll protect your business information as well.
Hackers have given a new meaning to disruption. Against the backdrop of the connected nature of doing business today, this is disruption that doesn’t differentiate between business size, industry or maturity level. The time is ripe to give this mother of all disruptions its due consideration.
Categories: Best Practices LEADERSHIP Technology
Silka, brilliant article! Scary. But brilliant!