By Sid Chadwick, Chadwick Consulting, Inc.
“The unexpected bigger nightmare re. ‘Ransomware’… is that when (…not if…)… you are infected… and shut down… how do you reimburse your customers… for what they must now deal with… I’m talking about much more than delayed shipments… What confidential information from them… did you lose control over?… Have you closely read those contracts you (and some of your people)… signed…?” --- Anonymous
We recently learned that a treasured client was “hit” --- for multiple six figures --- a second time. (They had insurance….) …However…. there’s no assurance these Internet-based thieves have a sense of honor --- (they’re thieves…!)… they don’t just “hit you” --- once…and… according to the FBI, there are over one million Malware attacks… every day.
At a recent CEO Peer Group Meeting, where almost all our members were reporting another really good quarter…and year, discussion turned to “Malware and Email Insurance”. One member offered, “I think I’m covered on Email Insurance --- about $15,000 a year is what it costs me.” Someone asked him to check both sets of facts, which he did. (…He wasn’t covered….)
As hard as this is to believe, another member reportedly has “Sales Reps” signing contracts… on behalf of their employer. I’m of the opinion that some of those contracts have extremely punitive clauses re. “disruption of business”… and for… “loss of confidential information.”
Dick Vann, our “go-to” security advisor, and CEO Peer Group alumnus, recommends… “keeping all systems separated”…. in order that you can attempt to control virus-related disruptions. (Note: I’ve seen his drawings/descriptions, and the process is not as simple to accomplish and secure, as that might sound. His company required annual training of all employees, including written instructions, and signed Agreements…for all employees… on security…and procedure issues.)
Note: Dick’s “semi-retired”… after successfully selling his company. However, he’s selectively available for consultation. He wouldn’t allow me to offer up-front his contact information, saying, “Sid, I’m not looking for any additional gigs --- they’ve got to get cleared through you before they can contact me.”
Harvard Business Review’s November/December issue has a great article, titled, “Sizing Up Your Cyberrisks --- Focus first on threats to your key activities --- not on the technology itself”. A first few of the article’s recommendations:
(1) Have senior management, who are not IT experts, read your instructions, and ask questions. Most IT people are “blind” to many overlooked, vulnerable threats,
(2) “Identify” - “catalog” your IT and security systems. Most organizations have far more operating and connected systems (including employee home systems --- that at times are “connected”) than they are aware of,
(3) In particular, identify programming you’ve had developed for your operations. How are those imported systems vulnerable?
(4) Are only those employees who are instructed, and trusted, allowed access to your IT systems? (Are your systems physically secure?)
(5) Are system passwords changed, when an “involved” employee --- leaves? (Note: not all Malware or Ransomware involve only software. If you manage other important processes, their disruption… can be disastrous --- far beyond your organization. Audit, repeatedly, your vulnerabilities.)
We’ve all worked years to develop our organization’s reputation and our organization’s value.
Yet, the simplest, most innocent practice can be overlooked. Some of us have personnel, who take work home at night, or weekends, to get important files prepared, ready for the next shift. We’ve all read the nightmare re. a PC being stolen from the backseat of a JPMorgan/Chase employee’s car, or a PC becoming silently infected… while the owner was getting a Starbucks coffee at a drive-through.
Malware and Ransomware threats… don’t just come from IT-mafia-type thieves in Eastern Europe or Africa. In an article in The Wall Street Journal last week, titled, “The Quantum Computing Threat to National Security”, Arthur Herman offers that, “Beijing…spends at least $2.5 billion a year on (IT) research…more than 10 times what the U.S. spends…as China aspires to develop the code-breaking “killer app”…” (Could repeated delays in Tariff negotiations, in their design… contain multiple benefits to China…?)
Our great industry provides profound contributions to our culture…to our sustained freedom….and way of life…..You and your organization, are part of your contributions…. to your community.
“I speak truth, not so much as I would, but as much as I dare, and I dare a little more, as I grow older.” --- Catherine Drinker Bowen