Whether it’s identity theft through an ATM skimmer or the possibility of stolen social security numbers after a company or organization you trusted was breached, you likely know—either firsthand or via a friend/family member—what it’s like to have your personal information compromised.
But as the owner of a business, you have a different level of responsibility in protecting your organization, assets, and customers. Although we are far from being cybersecurity experts, we’re here to help point you to some resources to stay up-to-date on the latest in cybersecurity.
In the wise words of that famous NBC PSA…
Tip 1: You Can Teach an Old Dog New Tricks!
Would you consider yourself a tech novice? When you think of hackers, do you think of someone in a dark basement in a far-off country? Or do you think you’re a tech expert who knows what it means to protect your business from potential threats? Either way, you can never know too much, and you can always teach an old dog new tricks.
In 2014, Rick Howard, CISO of Palo Alto Networks, created the Cybersecurity Canon (read more in the CSO article by Ben Rothke). The Canon includes highly recommended books from cybersecurity experts, and whether you are looking for information on cyber history, law, governance, or risk/compliance, this list is easily sortable and has something for everyone. And if you are simply interested in a great vacation read as you gear up for the summer, you can find that on this list, too.
Tip 2: Follow a Few Trusted News Sources.
There is a lot of information out there about cybersecurity, and it can feel overwhelming at times. Our second tip is not to try to boil the ocean with your knowledge. You can lean on a few sources for great, timely information. Here are a few sources we like to follow:
Dark Reading: You can find a great mix of news and commentary from experts, with product information sprinkled throughout the site.
Krebs on Security (Brian Krebs): Brian Krebs is a highly respected cybersecurity expert and former reporter for The Washington Post. When it comes to cybersecurity, he doesn’t simply report on the news—he breaks the news. Whether it’s nation-state hackers or cybersecurity vendors, everyone wants Krebs’ attention in the cybersecurity world.
CSO: Like Dark Reading, you’ll find a mix of information on this site. This is a great place to browse for tips from experts.
SC (formerly known as SC Magazine): You may see some more vendor-specific news here, but there is healthy mix of thought leadership on cybersecurity, too.
The Hill: Most publications have a cybersecurity section these days, and given all the changes in government policies, it’s not surprising that The Hill also has a cybersecurity section. This is an excellent source for staying up-to-date on the latest federal cybersecurity policies.
Tip 3: Lean on Others.
At the end of the day, you are one person who likely has to run a business, not simply worry about cyberthreats. The good news is that there are lots of people out there who spend their days staying current on what is happening in the world of cybersecurity. So consider whom you can lean on to support your learning and/or strategy to protect your business from potential threats. Here are a few people to lean on in your cybersecurity journey:
Identifying solid mentors and new friends is a great way to stay ahead of the game, while not relying on just your knowledge to make decisions. Check out local cybersecurity meet-ups or attend a cybersecurity conference (RSA and BlackHat are two tier-one tradeshows on the topic).
Invest in a cybersecurity team or consultant.
Find an awesome IT person who is passionate about cybersecurity.
If your budget allows, consider hiring a Chief Security Officer (CSO) or a Chief Information Security Officer (CISO).
If you have a limited budget, simply bring in a consultant to evaluate your cybersecurity strategy and current holes and to provide guidance on how you can reduce risk.
Tip 4: To Err Is Human.
Regardless of what you do to protect your organization, human error is inevitable. A recent report by Oracle, noted in this article by TechRepublic, calls out this specific trend and how artificial intelligence may be a solution to consider. But investing in AI-specific technology might not be realistic for your business right now, so our biggest tip is to ensure you properly train your employees on the risks of cybersecurity, compliance, and privacy. (Don’t assume you are compliant because you have a cybersecurity policy or vice versa.) It does not matter what you know—if your employees are not educated also, you will continuously be at risk.
Being a business owner comes with a ton of responsibilities, and in today’s world, ensuring you’re in the know about cybersecurity is—and will continue to be—one of them. Lean on a few trusted cybersecurity experts to guide you so that you can make your business its best. Because what they say is true: Knowledge is power.