Biggest trend in 2019 – Executives let their IT departments determine the risk level of the entire company.
What actually happened in 2019?
- Increase in Ransomware
- Increase in Business Email Compromise
- Increase in compliance driven by clients
- Increase in compliance driven by EU and (incoming… California)
What should you be doing in 2020?
- Avoiding phishing and social engineering attempts
- Using a password manager AND not repeating your passwords
- Use multi-factor and advanced biometrics when available
Shocked by any of this? Maybe not because it’s all been said before. Probably because these were the trends in 2017, and in 2018 too.
The other trend is that these attack vectors keep getting better, and for the past three years we have routinely seen employees fall for social engineering attempts at a rate hovering around 40%. Technology alone is not the answer. Neither is “IT.”
The fix is simple. Have a layered defense. Ok, that’s not simple, but if you’re a business owner, executive or decision-maker and you do nothing, you’re letting your IT department decide how much risk your company takes on, on an hourly basis.
IT is part of the solution, but not the great decider of the amount of risk your business takes on. However, that’s the trend I’ve seen more than any other. We recommend, as a best practice, that leadership work in conjunction with their IT department and other key business stakeholders to develop a level of risk tolerance the company is willing to take on, and learn how to manage and grow with that decided-upon level of risk.
The business leaders of any company take pride in making decisions that lead to success. These executives also need to lead the way on managing risk; assuming IT has “got it” is not a plan. When you renew your insurance or sign a big deal is a great time to examine your cybersecurity and privacy stance. Involve IT, but lead the conversation yourself and think in layers. You never know at which layer of your business the security or compliance will fail. It could be the firewall, the server defenses, the email spam filter, the human, the insurance sub-limit, the negative press, etc. Know your defenses and lead the conversation.