Prevent Ransomware and Improve Productivity - Pandemic Lessons

Sean Kline

Surviving the pandemic for small businesses has been challenging enough without the ever present threat of ransomware and other cybersecurity breaches.  Here are some takeaways based on my many discussions with leaders in these organizations:

• Deloitte reported that "47% of individuals fall for a phishing scam while working at home."
• CBS said, "For companies, the average cost of a data breach soared to $21,659 per incident during the pandemic, with most incidents ranging from as little as $800 to more than $650,000, according to a new report from Verizon."
• McAfee Enterprise and FireEye found that "81% of global organizations experienced increased cyber threats during COVID-19"
  
  

Whether it was a specific company incident, media induced angst or a peer saying, "you better watch out...", we have observed a marked increase in appetite for cybersecurity audits.  This is a good thing because some of the issues we have uncovered include open ports in inadequate firewalls, out of date firmware which may lead to breaches, networks that do not segment sensitive data, more administrative accounts than recommended and a host of password and security policy problems.

Strategy is increasing in importance.  There is an increased desire to work smarter, not harder, as it relates to technology foundational to small businesses.  Executives are feeling the pain of a reactive IT process and recognize that a lack of planning has led to the above issue of risk as well as poor productivity.  Forward looking leaders not only want their IT to be predictable, but to align with their business vision.  Here are a few symptoms of a poor strategy or non-existent strategy process:

• High-value employees reacting to IT emergencies or spending time solving issues
• Having to bring ideas to the IT provider (whether internal or external) rather than the other way around
• A high number of issues (e.g. 1-2 per employee per month) impacting productivity, hence profit
• Unexpected expenses due to aging or improperly selected infrastructure
• Lack of a long-term vision (one year ought to be locked down and multiple years sketched out)
• Opinion-based versus fact-based strategy process
  

The supply chain really is stretched.  Lead times are months to a year in certain cases for key infrastructure, like computers, docking stations for laptops, network infrastructure and servers.  Having a strategy process is the foundation for mitigating this, but it also takes early placement of orders, solid forecasting (employee hires, for example), a process to streamline onboarding and stocking inventory where appropriate.  There are many companies whose revenue is directly tied to the speed with which new employees become productive.  In this hiring market, there may not be a long lead-time between interview and start date, so reacting to a new hire as it relates to supporting infrastructure is a recipe for disaster.  Successful companies are developing a close relationship with their IT provider, sharing information freely, investing appropriately and working as a team.  If the IT team is chasing their tales solving problems all day, they will not have time be this kind of partner.

Key Takeaways:

• Be sure to audit cybersecurity infrastructure and remediate as needed
• Implement a fact-based, rigorous IT strategy process to prevent unexpected downtime and improve employee productivity
• Plan ahead for the ever stretched supply chain through forecasting, knowledge sharing and stocking, where appropriate