I am often personally involved in contacting clients, and in dealing with potential clients, to inform them of the importance of appropriate preventive measures to protect their data. I address not only individuals but also companies: antivirus, backups, operating system updates, maintenance, etc. are the words, or rather the preventive solutions, that I cite most often, and for the most part the answers I get leave me and my colleagues with a certain regret. “I don’t feel the need” is certainly the most common answer, and the one that “cuts off our legs”, as it is synonymous with a lack of culture around the topic. I can’t tell you how embarrassed I am when I find myself telling you that, for example, due to a failed backup, ten or more years of work have gone up in smoke and nothing is possible but to opt for the famous clean room, ergo thousands of euros to spend without the certainty of recovering everything.
When it comes to the possibility of losing data in a hacker attack, a twisted logic has developed: although users are bombarded daily with spam of all kinds, they still believe that such attacks only target large companies. Nothing could be further from the truth. Statistics state that 43% of cyber attacks affect small businesses, with an impact that is devastating to say the least. As many as three out of five companies that experience a breach have been forced to shut down “lock, stock and barrel” within six months of the attack. This is because the attack has led to huge expenses for system recovery, as well as a loss of turnover due to lost customer trust: who would want to be assisted by a company whose managed data has been stolen?! One crucial issue that companies should consider is that there is no breach by hackers without someone within the company itself clicking on malicious links. A question should then arise spontaneously: in my company, are we adequately trained to recognize and avoid suspicious behavior, which arrives mainly through email?
Basically, an examination of conscience and of the company’s IT security should be done periodically to avert any kind of damage from an attack, considering that the threats posed by hackers are increasingly sophisticated. It’s a bit like evaluating car insurance or a home burglar alarm system: by the time the accident has happened or the thieves have visited, it’s always too late. Again, these are preventive measures, so why not take the same care to protect your business operations?