You can be on Entrepreneur’s cover!

Your Company is a Castle. Are You Prepared to Protect It From Invaders? Paranoia is a good thing, especially in the realm of cybersecurity.

By Sean McDermott

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

As the CEO of a national information technology consulting firm, I have asked hundreds of clients, "What keeps you up at night?" While I get a lot of answers, most of these answers can be summed up in four words: fear of the unknown. I often joke to my staff that I get paid to be paranoid, whether it's losing a sales deal, anticipating competitor movements or even dealing with politics within my clients. In business, I see paranoia as a strength, allowing me to acknowledge that there are many unknowns that can affect a situation and force me into thinking through multiple scenarios for planning. Much like chess, thinking many steps ahead helps my team anticipate and plan for clients shifting priorities, competitor moves or staff changes.

One area in particular that I continue to be very paranoid in is cybersecurity. My business works with many Fortune 500 companies and Department of Defense agencies that take cybersecurity very seriously, and this seriousness flows down to us. With almost every client, we have contracts and agreements to adhere to our clients' cybersecurity policies. As the CEO, it's my responsibility to ensure we meet these standards and agreements to protect my clients' information. In addition, it's my responsibility to protect the personal data of the employees that they have entrusted to us.

A security breach can have devastating effects on our business and the trust we hold with our clients and employees. Perhaps a company like Equifax can survive getting 148 million client records hacked, but losing the trust of my clients and employees could put us out of business.

Protecting the data of our clients and employees can be a daunting task, especially with 150 employees and contractors interacting with our clients on a daily basis. On a day-to-day basis, I am responsible for protecting all this data. However, I have no idea what information is being accessed, downloaded or emailed in and out of our company.

Related: 3 Cybersecurity Measures to Ensure Safety in 2021

Who has the keys to the castle?

When talking to my staff about cybersecurity, I compare the company to a castle with lots of doors and entry points. Our job is to ensure that all the entry points are protected to keep unwanted intruders out. But it's equally as important to ensure no information gets out, either accidentally or maliciously. This includes information in the digital and physical space.

Once an army crosses the moat, all bets are off. And, as Game of Thrones has taught us, an insider letting in an invader through some secret entrance subverts all the precautions. Never underestimate the threat humans have in your cybersecurity strategy. A chain is only as strong as its weakest link, and people are the weakest link.

As you think about your strategy for cybersecurity, focus on the three Fs: find, fund and fix. And this is where paranoia comes in handy. Think of all the scenarios that can come about. Be prepared, because this can be a dark exercise. Some basic scenarios to think about are:

  • What if someone loses their laptop or phone?

  • What if someone compromises their password?

  • What if an employee downloads unauthorized data?

  • What if an employee intentionally tries to forward data to a third party?

Once you pull the thread on these questions, there are all kinds of bad scenarios that surface. And, you'll probably start realizing there are way too many open doors to your castle.

Another key strategy to find your cybersecurity gaps is to compare your security tools, also known as your security stack, to standards published by the National Institute of Standards and Technology or the International Organization for Standardization. This process can be laborious, but if you Google "tools rationalization," you can find some companies that can automate this for you.

Related: 6 Cybersecurity Must-Haves for Your Business

Ignorance is a liability

As a CEO, you don't have to be an expert in cybersecurity, but the risks and impact of breaches are too great to not become educated. Start understanding the terms like social engineering, phishing, ransomware, and Distributed Denial of Service (DDoS). You need to understand the risks of the third-party applications you rely on and your new cloud computing initiatives. You also need to know solutions that you may be asked to fund, such as Single Sign-On (SSO), Multi-factor Authentication (MFA), Mobile Device Management (MDM), and Cloud Access Security Broker (CASB).

Ultimately, the decisions on these investments fall on the company leadership, many of whom will never understand the technical details of cybersecurity technology, risks, frameworks, etc. The key is to relate the cybersecurity risks to business objectives, like customer experience, financial management, supply chain, reputation and brand protection so they can understand where to make the best investments based on their business objectives.

When it comes to cybersecurity, paranoia is a good thing. It keeps you on your toes and you can use it to find your risk blind spots. Once you uncover your vulnerabilities, you can take action on them.

Related: A Business Leader's Beginner Guide to Cybersecurity

Sean McDermott

President, CEO & Founder of Windward Consulting & RedMonocle

As a serial entrepreneur, Sean McDermott has worked for more than twenty years to assist hundreds of global clients and the federal government in the design, development and operation of large-scale IT networks and data centers.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

Side Hustles Are Soaring as Entrepreneurs Start Businesses Working Part- or Full-Time Elsewhere, According to a New Report

The younger the entrepreneur, the more likely they were to start a business as a side hustle.

Side Hustle

This Insurance Agent Started a Side Hustle Inspired By Nostalgia for His Home State — Now It Earns Nearly $40,000 a Month

After moving to New York City, Danny Trejo started a business to stay in touch with his roots — literally.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Scrabble Makes First Change to Its Board in Over 75 Years

The new roll out is only available in Europe as of now.

Growing a Business

Want to Become an Industry Leader? Be a Guest on Podcasts — But Not the Ones You Think

If you are trying to promote your new product or service, there's a simple yet effective way to stand out from the rest.

Business News

CPI Report: Inflation Rose More Than Expected in March, Driven By Housing and Energy Costs

The average U.S. household is paying $227 more per month for goods compared to one year ago.