Strong passwords and multi-factor authentication go a long way toward helping people stay secure. So do adequate data backups and the effort it takes to keep software updated with the latest patches.
Basic cyber “hygiene” is a must. Businesses and individuals who don’t practice the basics may be vulnerable to hackers, including hackers who encrypt data and demand a ransom for its return.
Spreading the Word
The cybersecurity landscape continues to change. “Education is critical,” said Sean Ferrel, CEO and founder of
“Poor hygiene always invites risk. Always has, always will,” said Darin Andersen, a senior executive with
All three help clients defend themselves against bad actors on the internet.
Ferrel said his company has grown its security practice by 50% in the last year.
The attitude among customers has changed. “It’s not ‘why do I need security’” anymore, Ferrel said. Rather, the customer is asking what sorts of things they need.
That is being driven primarily by regulation and compliance, he said. Insurers now demand clients meet certain requirements for coverage.
Media accounts of hacking are also stoking awareness.
Matteo has noticed the same change in attitude, noting that executives want specifics regarding how the vendor will help them.
Awareness Month Announced
October has been declared Cybersecurity Awareness Month, according to the National Cyber Security Alliance.
The alliance urges businesses accessing the internet to “own their role in cybersecurity,” beginning with the basics. That is, creating strong passwords, using multi-factor authentication, backing up data and updating software.
“With the basics I would include security awareness training” for the workforce, Matteo said. That includes reminders to employees not to click on questionable email attachments. Monitoring is also essential, he said. “If you’re not monitoring, how do you know you have an event?”
Matteo said he has seen instances where resource-constrained companies don’t get ahead of cybersecurity problems.
He has also seen companies with no contingency plan approach a breach with an ad-hoc, “deer in the headlights” reaction. It is better to have a business continuity plan and see how it works in exercises.
Cautionary Tales Abound
Andersen said he has seen the consequences of not adhering to the basics.
He recalled a services provider whose data was encrypted by a hacker, who demanded a ransom for its return. The business opted not to pay the ransom. It was able to recover some 85% of the data, which it had on a backup device.
The business and its IT provider at the time had taken some shortcuts, Andersen said.
The other 15% of the data was lost. The client spent many hours recreating templates and gathering client information.
That wasn’t the extent of the problem. There was the risk the hacker could put the data up for sale on the dark web.
In another incident at another company, Andersen recalled that an insider threatened to share company information publicly, and a tense situation had to be defused.
One takeaway from the incident is that difficult economic times or circumstances may tempt people to do things they shouldn’t.
There is also a lesson related to IT: do not give an employee any more access to the computer system than he or she needs.
CEO: Sean Ferrel
BUSINESS: IT solutions and consulting firm
REVENUE: $20 million
NOTABLE: Managed Solution does business in 17 states
CONTACT: (888) 563-9132
CEO: Dylan Natter
BUSINESS: Information technology services provider
REVENUE: More than $11 million
NOTABLE: Some 15-20% of clients are outside of the San Diego area
CONTACT: (619) 651-8700
Bird Rock Systems
CEO: Jim Matteo
HEADQUARTERS: Sorrento Mesa
BUSINESS: IT service provider specializing in cyber, cloud, network, privacy and compliance
REVENUE: More than $25 million
NOTABLE: The business started in a coffee shop in Bird Rock, near one of CEO Matteo’s favorite surf breaks
CONTACT: (858) 777-1617