Friday, August 9, 2013

Silence Ain't Golden

I'm a gun guy.

I shoot frequently, I attend as much training as I can, I research gear incessantly, and I am constantly staying up to date on what is "best of breed" in the industry. I network with folks to get news on trends and understand why a product does or does not work. This social connection is the single most important influence in my purchasing.

I read books on tactics, mindset, preparedness, and avoiding violence in the hopes of one day being able to use that knowledge to help myself and those around me should I ever be in a situation where it is needed.

I owned a small profitable business. I am very active in social media. I have many terabytes of information stored across disk arrays in my house that make my electricity provider very happy.

I spent MANY years at a top networking company in the IT organization.

I own a big dog.

Nutshell, I take my environment and situational awareness very seriously.

Why is it then that until recently, I did not take the same precautions with my digital security?

Why? Because when I step away from my keyboard, I don't see anyone in my environment that can physically harm my equipment. And this is bad.

As a small business owner, I rely on my systems to work when I need them. I do not want to find myself in the Ron Burgandy-type situation of saying that "60% of the time, my credit card processing works every time"

I also do not want to leave myself open to unknown threats.

Now more than ever, SMBs are hosting their websites, card processing, customer data, and financials out in the cloud. Often times, these systems are secure at the individual account level, but what about the host themselves? Are they not subject to attack? Do you know the ins and outs of their disaster recovery or intrusion prevention strategies? No? How does that make you feel?

Let's suppose you are a brick and mortar retail owner that runs Quickbooks on their personal laptop in the office, and then goes home or to a coffee shop and surfs the web and checks email? You happen to unknowingly install malware. This vicious little bit of code then contacts a Command and Control server (CNC) and alerts the hacker that info is ready for the taking. From that point, you, your financials, and your customer data are compromised. Depending on the sophistication, your machine can then be used to penetrate others.

Point is, most small companies or individual businesses do not spend enough time considering the implications of the security of their data environment. They expect that their backups are being backed up by some geek in a closet, and if something goes wrong, they just get restored and running without a hitch. Unfortunately, most of us learn the hard way that this is far from reality.

As business owners, we host with companies that are recommended by friends. We use products recommended by peers. We read Amazon reviews religiously. Why is it then that we don't use the same peer group style of interaction to maintain vigilance over our digital world? Because we don't want anyone knowing our business.

This is where I have changed my point of view. As a life long student, I find that the best way to learn is to talk to the folks that have been there and done that. The people that are experts in their fields and are more than willing to give me advice to spare me pain. Freeing myself of my own ego in this regard has allowed me to learn more than I ever imagined.

The moral of the story:
As individuals, we spend an infinite amount of time and energy preparing ourselves for physical situations, but rarely apply the same consideration to our digital lives. We're afraid to reach out for help or talk to others for fear of appearing weak.

It's time to change that mindset. This isn't about being weak. It's about becoming strong. Take a look at what is going on over in Beadwindow® at Wapack Labs. These are the experts that can help and they are doing it by the best way we as humans know how: by talking to each other.

Join our conversations.