Hi, Scott Munden here from Huntleigh Technology Group.
We wanted to thank everybody for the fantastic response we’ve been getting on our tips and guidance on a variety of different cybersecurity topics and welcome you to our video series that will be rolling out over the next several months.
Today’s topic is related to third-party assessments.
Regardless of where you get your news, we’re all hearing about data breaches all the time and they’re usually substantial breaches, which is why they make the news.
The reality is that a lot of cyber attacks, in fact, majority of cyber attacks are actually on small businesses, and we don’t ever hear about those. And depending on what reports you rely on, it’s somewhere between 40 to 50%. The other alarming and unfortunate part of that is that 60% of those small businesses don’t survive the year. In other words, they don’t make it.
I speak to a lot of my colleagues and fellow entrepreneurs and first of all, it’s a lot of times it’s not even on their radar, but they have a couple of key questions.
First is, you know, they really don’t understand it and they don’t understand why they might need that. And I always start by just saying, understand what your appetite for risk is.
In other words, ask yourself the question, if my business was down or my business systems were down for 26 days, which is actually the average time to recover from an incident, what would be the impact on my business? And if the answer to that question scares you, which for most of us it probably would, then at least you’re starting to understand what your appetite for risk is.
And then the next most obvious question is, where do I start? what do I do? and my 100% of the time, my answer is always start with a third party assessment, regardless of how you run your IT, whether you use a provider, whether you have in-house, whether it’s kind of ad hoc. A third party assessment, first of all, it’s going to be unfiltered.
Everybody wants to think that they’ve got things under control. But we were human beings and we never know what we might be missing. So a third party assessment is going to give you that unfiltered view.
The other thing it’s going to do is help you map those risks and the categories of risk back to the first question, which is your appetite for risk. And it gives you the ability to start planning and deciding and making informed decisions about the things you want to focus on, your time and your resources and your money, of course.
So I urge you all to consider third-party assessments as a starting point. If you’re already well into your cybersecurity path or your journey, a third-party assessment on an ongoing basis, in fact, is sometimes a requirement for cyber insurance or other compliance requirements. So I would, in those cases, still urge you to use third-party assessments.
In any case, that’s my message for the day. Keep looking at our posts and our guidance and our tips. You can find them on our site or you can find them here.
Thanks again for the fantastic response and we’ll look forward to providing more information going forward.