Kevin West on how to protect your business from cyberthreats
Your business may be at risk for cybercrime. Learn how to protect your employees, customers and reputation.
Twenty years ago, the internet was new and exciting — a place of adventure. The biggest network concern business leaders had was productivity.
A lot has changed since then. And one information security company has been along for the ride.
"When I started K logix in 2001, the internet was all rainbows and unicorns. It was more of a distraction for organizations and their employees surfing the internet all day," says Kevin West, founder and CEO of K logix, an information security company based in Massachusetts. "And cybersecurity was a preventative matter around productivity and permissions not ransomware."
"Cybersecurity affects every business. So we all have to take steps and measures from a cyber standpoint to maintain customer relationships."
– Kevin West, founder and CEO, K logix
As measures were being taken to limit access and permissions among employees, businesses realized they also had to protect against internal and external threats, so they started to think of cybersecurity in a new way. And so did West.
With K logix, he answered the call to approach security as a strategic issue central to businesses rather than as a tactical fix.
"It’s not just about buying something and saying you’re secure. It takes people, process and an investment in technology. All three must work together," says West. "We help businesses by looking at the way they operate today as a baseline, identifying any gaps that may create risks and developing immediate and long-term initiatives. Our goal is to reduce risk and increase our clients’ preparedness and response capabilities to cyberthreats."
For businesses that don’t have an outside company to protect against cyberattacks, West outlines steps you can take to keep pace and protect your business.
Shift your focus from prevention to reaction
New technologies and cyberthreats will continue to emerge. If somebody wants to get into your business, they’ll attempt to find a way. You can’t control that. The one thing you can control is your reaction time. That’s why having a plan is crucial.
If you’re infiltrated, how will you know? What steps will you take? How fast can you react and remediate? It’s important to communicate with not just your executives but also your employees on how to protect the integrity of the data while they’re working on-site and from home.
Learn to speak the same language
Business owners love technology because it allows them to do more, faster. They often speak about it in financial terms. But it’s harder for them to envision the risk side of connected networks beyond productivity and increases in profits and growth.
Security folks sometimes struggle to have productive conversations with executives about the value of investing in a cyber program. Getting across the positive impact it has on securing both employees and customers might be challenging for some.
The problem? They often speak two different languages. This language barrier creates missed opportunities and delayed action to keep pace with the continuous changes taking place in all aspects of technology. And that increases risk.
The biggest value K logix provides from a consulting standpoint is bridging that gap so both sides are speaking the same language. "We work with customers to help them assess risk within their business. We guide them on where the business operates from a cybersecurity standpoint and key areas to focus on. We highlight the business and customer impact if known risks are not addressed. Businesses that embrace cyber often use it as a competitive advantage through their commitment to securing and protecting their customers and data," says West.
Realize it’s not just a big business issue
No matter the size of your business, if you have employee, customer or intellectual information, you’re at risk. As a business owner, it’s your responsibility to identify and monitor where and how that data is used and ensure it’s handled responsibly.
While many smaller businesses don’t have the cyber skill set or resources to protect their organizations, there are solutions. Work with an outside company to receive cyber advisement and ongoing services to support your network, computers and data. That way you can concentrate on what you do best: running your business.
Make employees part of the solution
For most cybercriminals, the easiest way in is to take advantage of employees. These phishing exploits, as they’re known, often prove successful for cybercriminals not because employees are malicious but because they don’t always know what to look for.
Phishing emails can be very convincing. They look like they’re coming from a boss or a colleague but actually are coming from hackers. It’s important to look for nuances that may not match up. Maybe the tone of the email doesn’t sound like the indicated sender, the content doesn’t make sense, or there are more typos or misspellings than usual.
This is one instance where smaller businesses may have an advantage. With fewer employees, it may be easier to double-check that it was actually sent by the person on the email. For larger companies, that may not be so easy. Simple and ongoing training can help reduce the number of emails being clicked. Some companies even test employees and reward them for reporting any emails that seem suspicious.
It’s important to teach employees how to be secure both at home and on-site. But keep in mind that if cybersecurity isn’t valued from the top down, it will be hard to get employees to take training and awareness efforts seriously.
Treat cybersecurity as a selling proposition
Customers and employees expect their information to be protected, but that’s not always a given. Savvy customers may want to know what systems and processes are in place to ensure their information is safe.
A good business strategy is to be able to answer their questions and proactively promote the security measures you’ve taken. This simple step could help build consumer confidence and give you a leg up on the competition.
Demand more from your partners
"It’s not enough to be serious about your own business’s security measures. Be sure any business you partner with shares your values and builds layers of protection into their own company," says West.
"That’s one of the reasons we’re so comfortable with Chase," he says. "Security is at the forefront of their values. You don’t have to search for information or ask about it. It’s front and center. They promote cybersafety as a positive, confident aspect of their relationships with their clients."
If you have a credit card processor, ask how they’re protecting the integrity of your credit card transactions and ensuring that customer data is private and secure during transactions.
Ensure your house is in order
No business is too small to be compromised. That’s why it’s important to take steps before it’s too late. Analyze your current business operations and processes. Identify any gaps and vulnerabilities that could open the door for cybercriminals. Put a plan in place so you can bounce back quickly in case you do suffer an attack.
"Rome was not built in a day, and cybersecurity cannot be built or matured in one day, or even one year. But you must have a path, and you have to earn the right to move to the next phase of that path," says West.