About a year ago, my comptroller emailed me a message that read: "Hey, it's great you're going to the Super Bowl. Enjoy yourself!"
I wrote back: "What do you mean? I'm not going to the Super Bowl."
His response: "Well, it looks like you just spent $10,000 on tickets."
Today, technology links us to each other like never before through more devices than sometimes seems possible. That's a great thing, of course. It enables us as entrepreneurs to magnify our value, expand our reach and make the entire world our client. But it also exposes our businesses and other assets to threats unlike any we've ever known. Just ask the folks at Target, Sony and Anthem.
Fortunately, we can do plenty to better understand and combat the threats that cyber criminals pose to our businesses. So says Marc Goodman, one of the world's top experts on cyber crime and cyber terrorism as well as the author of Future Crimes: Everything is Connected, Everyone is Vulnerable and What We Can Do About It.
He recently shared his top strategies for how entrepreneurs can thwart cyber criminals -- and prevent our most sensitive and important assets from getting hacked.
1. Create an open source intelligence program on your company. Right now -- and certainly in the future -- it's highly likely that there are people out there discussing how to hack your company and your executives. Sensitive information like your intellectual property and your client lists are leaking and showing up online. Unfortunately, most entrepreneurs don't know this is happening until something bad occurs -- the cyber-thieves use the stolen information in ways that hurt your business.
One simple way to help combat this problem is to create Google Alerts on your company to see if hackers are talking about you on hacker message boards and other online gathering places for cyber criminals. Larger companies might go a step further and use third-party monitoring services or build their own in-house teams to do the job, particularly on the deep web where most hackers ply their trade.
2. Hack yourself. A whopping seventy-five percent of corporate IT systems could be penetrated by hackers within fifteen minutes, according to study by Verizon and the U.S. Secret Service. Another study showed that the average length of time from the moment the hackers break into a network until they are discovered is two hundred and eleven days.
The upshot: For seven months, bad guys could be roaming around your network, copying everything and seeing what you have that they want -- and you would have no idea!
Your assumption should be that cyber-criminals are already within your walls. In that environment, the old model of building barriers to keep intruders out obviously doesn't work. Instead, you need to start going after the thieves and proactively hunting them down. Goodman calls this red teaming -- a Cold War-era term used in military exercises. America was considered the blue team, the Soviets were the red team. The red team would go up against the blue team and try to break into America's systems and launch warfare.
Whether you do these exercises with people in your own company or you bring in outside experts, you should try to break into your own systems to see if you can and to see what you can learn -- because the bad guys are either already doing it or they can choose to do so at a moment's notice.
3. Get the right help and make sure they coordinate. Most dedicated IT people at medium-sized and large firms are extremely talented and qualified to deal with technology. But they don't have the background or training to understand cyber crimes or how today's Internet-based criminals operate -- and in today's world, that's exactly the expertise you need. Chances are, your CIO and your head of IT security should be two different people. You need somebody in charge of your risk management and security who is as good at their job as you are at yours.
Important: Don't just assume that all you need to do is fend off some shadowy figures in an Eastern European country. Do your due diligence on your employees and contractors too.
4. Be careful where you store your money. Most people -- including entrepreneurs -- don't realize that personal bank accounts and business bank accounts are governed by two completely different sets of laws with different rules:
- Personal bank accounts come with FDIC insurance that covers you in case of loss or fraud. Most personal accounts give you up to 90 days to report fraudulent activity in your account.
- Business bank accounts are typically covered by the Uniform Commercial Code. If there's a problem with your business account -- if you're hacked or if money goes missing -- you have just 24 hours to notify your bank. Wait longer and you're on the hook for the loss.
Criminals have realized this dichotomy and adapted accordingly. In the old days, they would go after people's personal bank accounts -- and the banks would mobilize resources to go after the thieves. But on the business side, there's little incentive for banks to investigate because your company is going to eat that loss.
Best bet: Do not keep huge amounts of money in your business account, if possible, because it's irresistible to the bad guys. If you do, make sure that you are set up to get an immediate alert notifying you if an abnormally large amount of money is transferred from the account.
Give yourself the tools you need to excel in your business and in your personal life. Check out the insights, tactics and actionable strategies from today's top entrepreneurs at AES Nation.