6 Reasons Why Entrepreneurs Should Take Security Seriously
Of all the rules and advice available about running your own business, the best pertains to what mistakes to avoid. At the top of the list of mistakes to avoid as an entrepreneur, you should not do everything yourself.
By default, when an individual chooses to do something, they are choosing not to do something else. Yet despite that simplicity, the inclination to do it all in entrepreneur mode is tempting. We want to know every brick of our business and we are willing to ascribe to the icon of hard work and high rewards. The reality is, there is too much on the line and you could be doing other things that you are much better at. It’s a powerful choice that separates leaders from the rest of the pack. In his book Good To Great, Jim Collins calls it level V leadership, a level we all aspire to be at.
Choosing what your organization does and does not do is one of the most critical leadership tasks imaginable. This choice applies to our most precious digital assets as well. Information needs to get where it needs to get in a way that is safe.
You are not an expert at everything in technology even if you are a technologist at heart. If you try, you end up doing less than you could have done on a much more valuable task. Once you can afford it, hiring experts has tremendous advantages, especially when you regain time and opportunities in doing so.
When it comes to IT security, however, you just can’t face these challenges alone. Cybersecurity is not a finish line initiative where you can roll out a tool of some sort and call it a day. The threats are ever-changing and escalating, meaning that protecting your business means keeping a continual watch on your assets and you must never let your guard down towards the ever-evolving vulnerabilities. The risks are just too great to “roll your own.”
These are the top reasons why, as an entrepreneur, your IT security should be taken seriously.
- Impossible Task: Across the globe, more than 30,000 websites are hacked daily. A new attack happens somewhere every 39 seconds. More than 300,000 new pieces of malware are created each day. DDoS attacks, malicious apps, phishing, zero-day attacks, and other security concerns threaten every business, even the small ones. Your adversaries are not individuals but nation states, criminal organizations, and hive-minded hackers. No entrepreneur can do this alone and just because an incident has not happened to you, it does not make you immune.
- Reputation: Nobody is immune to the damage of reputation that comes in the wake of a cyber incident. Consider the value and reputation loss for companies like Solar Winds, FireEye, and others, and the association with their founders, executives, and company boards.
- Financial Losses: An incident can wreck your finances for good. Between recovery efforts, penalties, and loss of income, a cyber incident can affect a small company’s bottom line significantly. A 2017 Ponemon Institute study put the average cost for small businesses at $500,000 per incident. This calculation only scratches the surface of legal costs, compliance penalties for HIPAA, GDPR, lost revenue due to downtime, etc.
- Losing the Board and Investors: The Board of Directors and investors have a stake in the sanctity of the business. There is nothing like a cybersecurity incident and a chain of business ownership crisis to put one at odds with these critical business advocates. The perceived savings of executing your own security is simply not worth it.
- Endanger Employees: Taking on security alone can endanger your employees, who are your most important asset, through the theft of employee data, including sensitive HR files, dates of birth, financial information, and more.
- Financial Theft: Cyber thieves, in many manifestations, are out there. Whether it’s a lone hacker, a team of criminals, or a nation-state organization, there are high values placed on the extraction of financial data and the methods being used are crafty, escalating, and unpredictable.
At the risk of repetition, understand that entrepreneurs know their businesses, but they are not experts at everything. When the likes of security giants like FireEye fall to modern, sophisticated cyberattacks as we’ve seen in recent news, you should get a sense of how critical it is to not take on the challenge of cybersecurity alone. Focus on the things you do best, and stop doing the things you shouldn’t be.