6 Reasons Why Entrepreneurs Should Take Security Seriously

Being an entrepreneur involves some serious hustle in order to make a dream a reality. While it can be tempting to handle everything on your own, cybersecurity requires teamwork.  Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, to learn more about why cybersecurity should always be a part of an entrepreneur’s strategy. 

 6 Reasons Why Entrepreneurs Should Take Security Seriously 

 Of all the rules and advice available about running your own business, the best pertains to what mistakes to avoid. At the top of the list of mistakes to avoid  as an entrepreneur, you should not do everything yourself. 

 By default, when an individual chooses to do something, they are choosing not to do something else. Yet despite that simplicity, the inclination to do it all in entrepreneur mode is tempting. We want to know every brick of our business and we are willing to ascribe to the icon of hard work and high rewards. The reality is, there is too much on the line and you could be doing other things that you are much better at. It’s a powerful choice that separates leaders from the rest of the pack. In his book  Good To Great, Jim Collins calls it level V leadership, a level we all aspire to be at. 

 Choosing what your organization does and does not do is one of the most critical leadership tasks imaginable. This choice applies to our most precious digital assets as well. Information needs to get where it needs to get in a way that is safe. 

 You are not an expert at everything in technology even if you are a technologist at heart. If you try, you end up doing less than you could have done on a much more valuable task. Once you can afford it, hiring experts has tremendous advantages, especially when you regain time and opportunities in doing so. 

 When it comes to IT security, however, you just can’t face these challenges alone. Cybersecurity is not a finish line initiative where you can roll out a tool of some sort and call it a day. The threats are ever-changing and escalating, meaning that protecting your business means keeping a continual watch on your assets and you must never let your guard down towards the ever-evolving vulnerabilities. The risks are just too great to “roll your own.” 

 These are the top reasons why, as an entrepreneur, your IT security should be taken seriously. 

 

  1. Impossible Task: Across the globe, more than 30,000 websites are hacked daily. A new attack happens somewhere every 39 seconds. More than 300,000 new pieces of malware are created each day. DDoS attacks, malicious apps, phishing, zero-day attacks, and other security concerns threaten every business, even the small ones. Your adversaries are not individuals but nation states, criminal organizations, and hive-minded hackers. No entrepreneur can do this alone and just because an incident has not happened to you, it does not make you immune. 
  2. Reputation: Nobody is immune to the damage of reputation that comes in the wake of a cyber incident. Consider the value and reputation loss for companies like Solar Winds, FireEye, and others, and the association with their founders, executives, and company boards. 
  3. Financial Losses: An incident can wreck your finances for good. Between recovery efforts, penalties, and loss of income, a cyber incident can affect a small company’s bottom line significantly. A 2017 Ponemon Institute study put the average cost for small businesses at $500,000 per incident. This calculation only scratches the surface of legal costs, compliance penalties for HIPAA, GDPR, lost revenue due to downtime, etc. 
  4. Losing the Board and Investors: The Board of Directors and investors have a stake in the sanctity of the business. There is nothing like a cybersecurity incident and a chain of business ownership crisis to put one at odds with these critical business advocates. The perceived savings of executing your own security is simply not worth it. 
  5. Endanger Employees: Taking on security alone can endanger your employees, who are your most important asset, through the theft of employee data, including sensitive HR files, dates of birth, financial information, and more. 
  6. Financial Theft: Cyber thieves, in many manifestations, are out there. Whether it’s a lone hacker, a team of criminals, or a nation-state organization, there are high values placed on the extraction of financial data and the methods being used are crafty, escalating, and unpredictable. 

 At the risk of repetition, understand that entrepreneurs know their businesses, but they are not experts at everything. When the likes of security giants like FireEye fall to modern, sophisticated cyberattacks as we’ve seen in recent news, you should get a sense of how critical it is to not take on the challenge of cybersecurity alone. Focus on the things you do best, and stop doing the things you shouldn’t be. 

 Check out this piece, originally published in Forbes, here and follow me on LinkedIn

Why Security Maturity is Necessary for Your Business

A security maturity model is a set of characteristics that represent an organization’s security progression and capabilities. According to CISOSHARE, Key Processing Areas (KPAs) in a security maturity model are practices that help improve a security infrastructure 

These KPAs include:  

  • Commitment to perform  
  • Ability to perform  
  • Activities performed  
  • Measurement and analysis of the results
  • Verifying the implementation of processes  

Levels of security maturity range from 1 to 5, with the lowest level of security maturity being one and the highest level of security maturity being five. Various industries lie within these levels, depending on their security needs. The retail industry typically falls under Levels 2 or 3, manufacturing falls between 3 to 5, while Fintech and Healthcare are between levels 4 and 5 due to the high levels of compliance needed in these industries.  

Ntirety details these levels of security maturity by detection, response, and recovery times:  

  • Level 1 (Vulnerable)  
  • Time to Detect: Weeks/months  
  • Time to Respond: Weeks  
  • Time to Recovery: unknowable
  • Recovery Point: unknowable
  • Compliance: None  
  • Level 2 (Aware & Reactive)  
  • Time to Detect: Days
  • Time to Respond: Hours
  • Time to Recovery: 1-2 Days
  • Recovery Point: <2 days data loss
  • Compliance: Internal Objectives

  

  • Level 3 (Effective)  
  • Time to Detect: Hours  
  • Time to Respond: Minutes  
  • Time to Recovery: Hours  
  • Recovery Point: <24 hours data loss
  • Compliance: Internal & 3rd party  

 

  • Level 4 (Compliant)  
  • Time to Detect: Minutes  
  • Time to Respond: Minutes
  • Time to Recovery: Hours
  • Recovery Point: <6 hours data loss
  • Compliance: Internal & 3rd party  

 

  • Level 5 (Optimizing)
  • Time to Detect: Immediate
  • Time to Respond: Immediate
  • Time to Recovery: Immediate
  • Recovery Point: <15 min data loss
  • Compliance: Internal & 3rd party  

How Ntirety Helps With Security Maturity: 

With over 20 years of industry experience, Ntirety understands how to support a business’s cybersecurity maturity needs and follow the necessary processes to ensure a smooth transition into IT transformation.  

For a company to appraise their security maturation with Ntirety, the first step is to have a conversational assessment with our team to determine the security gaps in your business’s cyber infrastructure. Our team can see where your business lies in the security maturity framework and compare it to your goals by answering some questions. Whether it is a particular industry vertical that your company falls under, you are adopting best practices within your IT infrastructure operations, or it is a board mandate, we can help formulate a plan based on your business’s needs.  

Following an assessment, the Ntirety team can detail how to improve Protection, Recovery, and Assurance. Ntirety’s Guidance Level Agreements (GLAs) can help improve these areas by optimizing availability, security, performance, and costs. Ntirety is committed to securing the “entirety” of your environment through solutions that identify, inventory, and protect the entire target environment. Ntirety’s Compliant Security Framework covers the security process from establishing your security design & objectives through protection, recovery, and assurance of compliance to your security requirements.  

One mistake we often see with companies is the idea of doing it themselves being a safer option. While resourcing a cybersecurity solution internally may seem more manageable, it can be far more costly and take away from other essential business functions. Here are the top 7 reasons to outsource security:  

  1. Finding and maintaining a talented SIEM/SOC team is expensive
  2. The benefit of trends and detection of other customers
  3. Accessing more threat intelligence and state of the art technology
  4. Long-term Return on Investment
  5. Outsourcing lowers the Risk of conflict of interest between departments
  6. Enhancing efficiency to concentrate on your primary business
  7. Scalability and flexibility 

For more details on securing your cyber infrastructure, watch our most recent webinar and schedule an assessment with us today.