Having trouble logging in to your MyACG portal? Please click here for instructions to log in.
The computer, tablet, phone or watch you are reading this article on: how secure do you think it is? Do you think a bad actor from anywhere in the world could hack your system and steal not just your data, but that of your customers?
Chances are, you aren’t secure, and anyone could. It’s happening on a daily basis to companies large and small. If that doesn’t scare you, wait until you hear the rest of what a panel of speakers at the ACG August breakfast had to say about cybersecurity, or the lack thereof in many of our companies.
The panel featured Eric Foster, president at CYDERES; Travis Holt, co-founder and Technology, PE, & VC team lead at bcp tech; and Alex Boyd, data privacy attorney and CIPP/US at Polsinelli.
The need for cybersecurity isn’t new, the three emphasized. But the need is ever-increasing, and that’s a change in just the last 10 years especially, Holt said.
“It used to be just one guy doing ransomware,” Holt said. “But then he discovered he could make money selling kits to do it. Now, he sells them and most of the people doing it don’t know how to make it happen, they just take the data and run.”
Cybercrime is big business, Foster said. From ransomware to malware to email phishing schemes, it’s all around these days. What’s the difference?
Malware makes documents and records unreadable.
Ransomware involves hacking into a system and deploying software that holds the documents/records for ransom. For many companies it comes down to paying an exorbitant amount of money to get the data back or risk having their story and their customers’ data on the front page of The Wall Street Journal.
Email phishing schemes are more sophisticated, but are basically the old, “I’m a Nigerian prince and I need money,” idea. Click here to help and instead of helping, your email and private information and that of your clients is laid bare for the world to see.
A big part of the problem, these experts admit, is that the bad actors are seemingly always one, two or 50 steps ahead.
What’s a company to do? First, call in the professionals. Because most corporate IT employees are generalists, they aren’t equipped to deal with a hack of their systems on a widespread basis, Holt said. It’s not that they aren’t good at what they do, it’s just that fending off Russian or Chinese hackers is a learned skill.
“We had an auto parts distributor who looked at us underwriting them,” Holt said. “We could see that the hackers were already in their system, just sitting and waiting to go. (The company’s) IT people denied that they’d already been hacked. Three months later their system was taken down by the guys we said would do it.”
How do you prepare and protect your company? Foster suggests starting with prevention in the form of multi-factor authentication and password protections.
“Limit the number of times a password can be used before it has to be changed,” Foster said. “If it’s too hard to keep track, use an app like Last Pass or One Pass that will track them.”
Next is monitoring your systems so you know when something bad is happening.
“Microsoft and Google are both doing a lot to help users,” Holt said. “Get Microsoft Defender – pay to do it and it will eliminate 95-99 percent of email threats.”
Third, have a response ready. Take the time to develop a cyber crisis plan, Foster said.
Boyd also reminded the audience to be careful who information is shared with, both inside your company and outside.
And lastly, Holt said that, like anything in business, the commitment to cybersecurity starts at the top.
“Leadership has to encourage everyone to take it seriously,” Holt said. “You have to have a comprehensive strategy. You can’t just set it and forget it – you have to engage in it on an ongoing basis.”
DealMAX®, presented by ACG, is the middle market's can’t-miss M&A event. Join 3,000 dealmakers on April 7-9 for one-on-one meetings, networking, industry insights, fun and more.