In 2021, complacency about your IT security is dangerous.
Recent news about hidden, extensive breaches of state and federal government entities and private corporations shocked many in IT and cybersecurity.
According to investigators, Russian agents spread espionage malware through updates from IT management firm SolarWinds. The list of victims continues to grow, and investigators believe the hackers stole classified data and intellectual property.
Another major breach making news involves an Accellion software product used to transfer large files. The software is 20 years old, and following the breach, Accellion said the software would be deemed “end of life” in April and phased out.
Meanwhile, news of the breaches has prompted state legislators to sponsor bills putting companies on the hook to meet public notification standards in the event of a breach. Anger at lax security measures, starting with Equifax in 2017, spurs this legislation.
So what is a small to medium enterprise to do? The short answer in 2021 is – stop being complacent about your data management practices.
In addition to hackers, plaintiffs are out there suing companies for failing to apply updates, using out-of-date or legacy equipment and software, not restricting user access, allowing weak passwords, and not implementing multifactor authentication.
A weak security measure that caused a breach is a plaintiff lawyer’s dream. But it can be a nightmare for the unprepared organization.
Some companies have not survived. Unless you prioritize cybersecurity, yours may not either. The time has come to implement controls – and spend money – to shore up your vulnerabilities.
At a minimum, we recommend you do a risk assessment of your data protection measures to determine where those vulnerabilities are. And we recommend you seek the help of an outside third party – such as Imagequest – to ensure nothing escapes attention.
We understand 2020 was a challenging year – but unfortunately, so do the criminals and foreign enemies. Our enemies are counting on U.S. organizations to fail to budget for appropriate cybersecurity – and fail to take cybersecurity seriously.