While none of these issues are new, they can all pose a serious risk to a company’s infrastructure as well as its bottom line.
McCarthy cited cybercrime as a costly breach in IT security. She referred to the August 2014 hacking attack on Community Health Systems (CHS) that resulted in 4.5 million patients having their information stolen. As evidenced by Target and other notable companies who’ve endured bad publicity because of cybercrime, few companies are safe from attack.
- Takeaway: While larger companies provide more substantive targets for hackers, startups and small businesses should still handle their customers’ information with the utmost care and security.
Secondly, McCarthy pointed to cyberterrorism as an ever-growing threat. Whether it’s through infecting computers with viruses or using social networks to recruit new members to their cause, cyberterrorists can wreak havoc in both the real and digital world.
- Takeaway: Small businesses should ensure that their employees use proper security software so as to not allow their systems to become compromised.
Lastly, McCarthy described insider threats as becoming a more disruptive form of IT security problems. When employees within a company, or even that company’s clients, leak information (whether intentionally or by accident), the company can experience a major setback depending on the type of information released.
- Takeaway: For small businesses, this means they should work to prevent such leaks from occurring, whether that’s through non-disclosure agreements or other preventative measures.
So how does McCarthy suggest that entrepreneurs and small businesses thwart these sometimes overwhelming issues? By hiring a Chief Information Security Officer (CISO).
Such an “agent of change,” as she defines the role, can help prevent massive data loss or other detrimental IT security issues from gravely affecting a small company. Waiting to hire a CISO after an IT security problem has occurred is reactionary and could cost a company much more than if the company had been proactive in hiring a CISO.
To learn more about the role of a CISO, hear Marci McCarthy speak on that topic at the 2014 InfoSec Conference, now in its fourteenth year. The 2014 conference boasts two industry-recognized keynote speakers, panel discussions and multiple breakout sessions focusing on technical and management issues, as well as healthcare and other industry regulations in the security industry. InfoSec is the Southeast’s leading security conference and aims to bring technologists and security professionals together for a full day of exciting speakers and networking opportunities.
For more information on T.E.N.’s programs, events, and services, visit http://www.ten-inc.com.