Q: What do you tell clients who feel that antivirus and firewall are enough protection against a cyberattack?
Hassel: Recent newsworthy events (for those that still don’t believe the rhetoric coming from the IT industry) show that it’s never enough to say we’re too small, no one will bother with our company. Or, we have a firewall. Cyberattacks can come at a company in many ways from savvy intruders who may have infiltrated a network or workstation. Think about adding an extra layer of protection such as IDS or IPS to give an extra layer of defense to protect.
Q: What is your response to clients who don’t think that their business is big enough to be concerned about a cyberattack?
Hassel: There is not a company too small to be subject to an attack. The SMB market is a prime target just for this reason—easy pickins! Loss of client PII and critical files is very disruptive and a huge expense to recreate (assuming not backed up to protect against such situation).
Q: Is cybersecurity a one-stop shop?
Hassel: Absolutely not. You have so many different layers to work on from employee phishing training to good endpoint security protection. Work with MSP partners and your own internal IT staff to keep your data and network secure.
Q: What all goes into developing a strong cybersecurity strategy?
Hassel: You need to have regular compliance reviews to see where your vulnerabilities may be. You need to determine where the technical or organizational risks lie and then develop strategies to correct them. Check your systems for two-factor authentication, patch management, using proxies and firewalls. And don’t forget that all too overlooked security awareness training. You are only as good as your employees!
Q: What industries are doing a good job with cybersecurity and how can other industries replicate that success?
Hassel: Everyone needs to step up their game. No one is isolated from the government to big business.
