Join our Waitlist for Expert Advice!

Your Company is a Castle. Are You Prepared to Protect It From Invaders? Paranoia is a good thing, especially in the realm of cybersecurity.

By Sean McDermott

Opinions expressed by Entrepreneur contributors are their own.

As the CEO of a national information technology consulting firm, I have asked hundreds of clients, "What keeps you up at night?" While I get a lot of answers, most of these answers can be summed up in four words: fear of the unknown. I often joke to my staff that I get paid to be paranoid, whether it's losing a sales deal, anticipating competitor movements or even dealing with politics within my clients. In business, I see paranoia as a strength, allowing me to acknowledge that there are many unknowns that can affect a situation and force me into thinking through multiple scenarios for planning. Much like chess, thinking many steps ahead helps my team anticipate and plan for clients shifting priorities, competitor moves or staff changes.

One area in particular that I continue to be very paranoid in is cybersecurity. My business works with many Fortune 500 companies and Department of Defense agencies that take cybersecurity very seriously, and this seriousness flows down to us. With almost every client, we have contracts and agreements to adhere to our clients' cybersecurity policies. As the CEO, it's my responsibility to ensure we meet these standards and agreements to protect my clients' information. In addition, it's my responsibility to protect the personal data of the employees that they have entrusted to us.

A security breach can have devastating effects on our business and the trust we hold with our clients and employees. Perhaps a company like Equifax can survive getting 148 million client records hacked, but losing the trust of my clients and employees could put us out of business.

Protecting the data of our clients and employees can be a daunting task, especially with 150 employees and contractors interacting with our clients on a daily basis. On a day-to-day basis, I am responsible for protecting all this data. However, I have no idea what information is being accessed, downloaded or emailed in and out of our company.

Related: 3 Cybersecurity Measures to Ensure Safety in 2021

Who has the keys to the castle?

When talking to my staff about cybersecurity, I compare the company to a castle with lots of doors and entry points. Our job is to ensure that all the entry points are protected to keep unwanted intruders out. But it's equally as important to ensure no information gets out, either accidentally or maliciously. This includes information in the digital and physical space.

Once an army crosses the moat, all bets are off. And, as Game of Thrones has taught us, an insider letting in an invader through some secret entrance subverts all the precautions. Never underestimate the threat humans have in your cybersecurity strategy. A chain is only as strong as its weakest link, and people are the weakest link.

As you think about your strategy for cybersecurity, focus on the three Fs: find, fund and fix. And this is where paranoia comes in handy. Think of all the scenarios that can come about. Be prepared, because this can be a dark exercise. Some basic scenarios to think about are:

  • What if someone loses their laptop or phone?

  • What if someone compromises their password?

  • What if an employee downloads unauthorized data?

  • What if an employee intentionally tries to forward data to a third party?

Once you pull the thread on these questions, there are all kinds of bad scenarios that surface. And, you'll probably start realizing there are way too many open doors to your castle.

Another key strategy to find your cybersecurity gaps is to compare your security tools, also known as your security stack, to standards published by the National Institute of Standards and Technology or the International Organization for Standardization. This process can be laborious, but if you Google "tools rationalization," you can find some companies that can automate this for you.

Related: 6 Cybersecurity Must-Haves for Your Business

Ignorance is a liability

As a CEO, you don't have to be an expert in cybersecurity, but the risks and impact of breaches are too great to not become educated. Start understanding the terms like social engineering, phishing, ransomware, and Distributed Denial of Service (DDoS). You need to understand the risks of the third-party applications you rely on and your new cloud computing initiatives. You also need to know solutions that you may be asked to fund, such as Single Sign-On (SSO), Multi-factor Authentication (MFA), Mobile Device Management (MDM), and Cloud Access Security Broker (CASB).

Ultimately, the decisions on these investments fall on the company leadership, many of whom will never understand the technical details of cybersecurity technology, risks, frameworks, etc. The key is to relate the cybersecurity risks to business objectives, like customer experience, financial management, supply chain, reputation and brand protection so they can understand where to make the best investments based on their business objectives.

When it comes to cybersecurity, paranoia is a good thing. It keeps you on your toes and you can use it to find your risk blind spots. Once you uncover your vulnerabilities, you can take action on them.

Related: A Business Leader's Beginner Guide to Cybersecurity

Sean McDermott

President, CEO & Founder of Windward Consulting & RedMonocle

As a serial entrepreneur, Sean McDermott has worked for more than twenty years to assist hundreds of global clients and the federal government in the design, development and operation of large-scale IT networks and data centers.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

She Started a Business With $300 After Getting Laid Off. It Made $300,000 in Year 1 and Became a Multimillion-Dollar Company.

Bobbie Racette wanted to revamp the virtual assistance space — and provide job opportunities for underrepresented communities at the same time.

Business News

Can Anyone Beat Microsoft at AI? The CEO of Salesforce Thinks His Company Can.

Salesforce CEO Marc Benioff calls Copilot "the new Microsoft Clippy."

Franchise

McDonald's Launched a Happy Meal for the 30th Anniversary of a Classic '90s Sitcom — But There's a Catch

The promotion is only available in one country, so fans elsewhere are turning to resale platforms like eBay to buy the collectible toys.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Starting a Business

How to Find the Right Programmers: A Brief Guideline for Startup Founders

For startup founders under a plethora of challenges like timing, investors and changing market demand, it is extremely hard to hire programmers who can deliver.

Business News

'Not Yet Fully Autonomous': Tesla's Optimus Robots Stole the Show — But Were They Actually Controlled By Humans?

Musk said the $20,000 to $30,000 robot could perform household tasks like mowing lawns and putting away groceries.