By Jessica Salerno-Shumaker, OSCPA senior content manager
Businesses that rarely pay attention or update their cybersecurity are setting themselves up for failure, says one IT expert.
“The bad guys only have to be right one time,” said Damon Hacker, President & CEO and a founder of Vestige Digital Investigations, a digital forensics company with headquarters in Cleveland. “We have to be right all the time, but an attacker could slip in. And once they slip in, it's all over.”
Too many organizations look at their cybersecurity efforts as a one-time project, Hacker said, and it’s a mistake that could cost a business dearly. As cybersecurity attacks increase around the world, proper security measures are a necessity for businesses long-term.
And for companies that might complain about cost, Hacker said he understands not every place has the budget to implement all the best practices every year when it comes to cybersecurity. For those companies, instead look at building on what’s been done year after year, that way consistent and up-to-date efforts are being taken for protection.
“I've had some clients who initially say, ‘We just did cybersecurity a couple years ago,’” he said. “And they spent that money, and their attitude is it was a project and something to do at one point in time. That’s just not the case, we have got to keep doing all those things.”
The good news, Hacker said, is many of the small but helpful actions businesses can take don’t have to be expensive. Sometimes it just means updating or configuring systems to ensure its at its best to fend off attacks.
With more professionals working from home, cybersecurity has had to evolve as well. Even something as simple as a password manager can make a huge difference, he said. This also might mean stepping outside of what has traditionally been done at a business to keep it protected.
“I've always said cybersecurity is a delicate balancing act between what is secure and what is convenient,” Hacker said. “The mistakes that people make are resisting putting in the minor controls that they can put in place to make things more inconvenient, because those are looked at as being ‘that's not what we're trying to accomplish.’’”