Get All Access for $5/mo

Your Company is a Castle. Are You Prepared to Protect It From Invaders? Paranoia is a good thing, especially in the realm of cybersecurity.

By Sean McDermott

Opinions expressed by Entrepreneur contributors are their own.

As the CEO of a national information technology consulting firm, I have asked hundreds of clients, "What keeps you up at night?" While I get a lot of answers, most of these answers can be summed up in four words: fear of the unknown. I often joke to my staff that I get paid to be paranoid, whether it's losing a sales deal, anticipating competitor movements or even dealing with politics within my clients. In business, I see paranoia as a strength, allowing me to acknowledge that there are many unknowns that can affect a situation and force me into thinking through multiple scenarios for planning. Much like chess, thinking many steps ahead helps my team anticipate and plan for clients shifting priorities, competitor moves or staff changes.

One area in particular that I continue to be very paranoid in is cybersecurity. My business works with many Fortune 500 companies and Department of Defense agencies that take cybersecurity very seriously, and this seriousness flows down to us. With almost every client, we have contracts and agreements to adhere to our clients' cybersecurity policies. As the CEO, it's my responsibility to ensure we meet these standards and agreements to protect my clients' information. In addition, it's my responsibility to protect the personal data of the employees that they have entrusted to us.

A security breach can have devastating effects on our business and the trust we hold with our clients and employees. Perhaps a company like Equifax can survive getting 148 million client records hacked, but losing the trust of my clients and employees could put us out of business.

Protecting the data of our clients and employees can be a daunting task, especially with 150 employees and contractors interacting with our clients on a daily basis. On a day-to-day basis, I am responsible for protecting all this data. However, I have no idea what information is being accessed, downloaded or emailed in and out of our company.

Related: 3 Cybersecurity Measures to Ensure Safety in 2021

Who has the keys to the castle?

When talking to my staff about cybersecurity, I compare the company to a castle with lots of doors and entry points. Our job is to ensure that all the entry points are protected to keep unwanted intruders out. But it's equally as important to ensure no information gets out, either accidentally or maliciously. This includes information in the digital and physical space.

Once an army crosses the moat, all bets are off. And, as Game of Thrones has taught us, an insider letting in an invader through some secret entrance subverts all the precautions. Never underestimate the threat humans have in your cybersecurity strategy. A chain is only as strong as its weakest link, and people are the weakest link.

As you think about your strategy for cybersecurity, focus on the three Fs: find, fund and fix. And this is where paranoia comes in handy. Think of all the scenarios that can come about. Be prepared, because this can be a dark exercise. Some basic scenarios to think about are:

  • What if someone loses their laptop or phone?

  • What if someone compromises their password?

  • What if an employee downloads unauthorized data?

  • What if an employee intentionally tries to forward data to a third party?

Once you pull the thread on these questions, there are all kinds of bad scenarios that surface. And, you'll probably start realizing there are way too many open doors to your castle.

Another key strategy to find your cybersecurity gaps is to compare your security tools, also known as your security stack, to standards published by the National Institute of Standards and Technology or the International Organization for Standardization. This process can be laborious, but if you Google "tools rationalization," you can find some companies that can automate this for you.

Related: 6 Cybersecurity Must-Haves for Your Business

Ignorance is a liability

As a CEO, you don't have to be an expert in cybersecurity, but the risks and impact of breaches are too great to not become educated. Start understanding the terms like social engineering, phishing, ransomware, and Distributed Denial of Service (DDoS). You need to understand the risks of the third-party applications you rely on and your new cloud computing initiatives. You also need to know solutions that you may be asked to fund, such as Single Sign-On (SSO), Multi-factor Authentication (MFA), Mobile Device Management (MDM), and Cloud Access Security Broker (CASB).

Ultimately, the decisions on these investments fall on the company leadership, many of whom will never understand the technical details of cybersecurity technology, risks, frameworks, etc. The key is to relate the cybersecurity risks to business objectives, like customer experience, financial management, supply chain, reputation and brand protection so they can understand where to make the best investments based on their business objectives.

When it comes to cybersecurity, paranoia is a good thing. It keeps you on your toes and you can use it to find your risk blind spots. Once you uncover your vulnerabilities, you can take action on them.

Related: A Business Leader's Beginner Guide to Cybersecurity

Sean McDermott

President, CEO & Founder of Windward Consulting & RedMonocle

As a serial entrepreneur, Sean McDermott has worked for more than twenty years to assist hundreds of global clients and the federal government in the design, development and operation of large-scale IT networks and data centers.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

At Age 15, He Used Facebook Marketplace to Start a Side Hustle — Then It Became Something Much Bigger: 'Raised Over $1.6 Million'

Dylan Zajac, now a 21-year-old senior at Babson College, wanted to bridge the digital divide.

Side Hustle

'I Just Hustled': She Earned More Than $300,000 Wrapping Gifts Last Year — and It All Started With a Side Hustle

When Michelle Hensley lost her husband to cancer, she needed to figure out how to earn an income for her family.

Franchise

McDonald's Announces the Return of the Snack Wrap in 2025 — Here's What to Expect From Its Comeback

The decision comes after years of persistent customer demand for the portable snack, which debuted nearly two decades ago.

Business News

OpenAI Just Released Its Text-to-Video Generator, Sora. Here's How the New AI Could Impact Small Businesses and Creators.

Sora has a variety of use cases for businesses, from social media campaigns to video creation.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Innovation

These Entrepreneurs Created a League That Turns Gamers Into Pro Race Car Drivers: 'We're Giving Drivers a Sustainable Career Path'

Racing Prodigy's innovative E2Real sports league is lowering the high-cost barrier to entry for drivers to take their passion to the track.