HOW YOUR SMALL BUSINESS CAN PROTECT AND SECURE CUSTOMER INFORMATION: AN INTERVIEW WITH CHRISTOPHER EDWARDS
October 28th, 2015 | by Raymond Turner
October has been officially dubbed as “National Cybersecurity Month.” Unfortunately there were no school closings, backyard barbecues or retail sales to mark its arrival. For many small businesses, this has come and gone like a brief scent in the air, swiftly and unnoticed. Many of the current firewalls and antivirus software options on the market are grossly ineffective in preventing an attack on your valuable data. This puts you and your customers at risk daily. We sat down with cybersecurity consultant Christopher Edwards, from Palo Alto Networks, to gain some insights into the complexity of protecting our business data, and what can be done proactively before it’s compromised.
Chris, can you give us a brief synopsis of the state of things and what that means [to you] as a small business owner.
Well, nowadays, the security industry has totally changed – within the past handful of years. And it has totally been rewritten from the standpoint that what we used for security previously is no longer effective. People/businesses create layers of security with their firewalls and antiviruses that are reactionary; in other words, they detect things AFTER the fact. And, there are only a couple of companies that are now what we call “proactive,” in the sense of being able to get in front of the attacks and deal with security in a proactive manner to stop attacks before they actually happen, or immediately as they are happening. They are able to detect it and shut it down within an instance (zero days as we call it), or within minutes or seconds.
The average ordinary business that sets up security has to realign their practices of security, or totally rethink the security issue; because what worked a decade ago is no longer effective at all. And literally I mean, at all! That leaves them susceptible to the attacks and sophisticated cybercriminals who are out there lurking. Most companies think, “oh that would never happen to me.” Well, most likely, believe or not it, has already happened to you and you don’t even realize it. They’re in your network. They don’t do it the same way now. What they actually do is, they get into your network and they sit there and hide and collect data and pass it off; selling it to organizations that would use it. By the time you find out, it’s utterly too late.
So what it sounds like you’re saying is, regardless of how small or large a business may consider themselves to be, this will definitely have an impact on how they do business and how they collect data.
Yes, absolutely! All data now is money; ALL data is money! Now, some of it’s worth a lot and some of it’s worth a little. But, your usernames, your IDs, credit card information, how you do business, your clients or customers, your research, development, what you store data in and how you store it…is extremely important. And certainly to any business, it’s the critical mainstay of their organization. So, they’ll want to protect it.
So, in light of this, what are your top five things a small business can do, or should be doing, to be as proactive as they can when it comes to their data and their customers’ information?
The executive team has to “own” security. They have to be responsible and realize that it’s not a game. They need to assess it and create policies that are proactive. And then, invest in the technology–just as much as you would have an insurance plan for your health, or for your life insurance, or for your automobile.
Security, in one word, is the “insurance” for your business. You must have it. That includes firewalls, antivirus and protective mechanisms that are in place proactively protecting you, your clients and your employees.
For those small businesses out there who may have had their data compromised or their customer’s information breached, what are a couple things they can do now on the backside of things to either cover themselves, or shut off that flood, if you will?
Well, immediately they should step in and assess the situation: where are we right now? And give an honest evaluation of, “this is the state of security in our organization now.” That’s just taking an honest look at what’s taken place. From there, you need to decide, “What level of security do we want?” Just as you decided on what type of insurance policy you wanted; what are you willing to take a hit on? But again, companies don’t have to let this happen. It doesn’t have to cost an arm and a leg. It just has to be done effectively! So, get the right amount of security for your organization so your “element,” or level of risk, is at what we would call an acceptable level. You’re comfortable with that, and being able to trust that system, and being sure you can protect your clients and employees with that level of security.
Great. Well, that sounds like an issue we would all do well, as small business owners, to pay very close attention to. Thanks for taking the time out of your busy schedule to shed some light on this very critical issue.