We All Live in a Bad Neighborhood

Back in the Stone Age (Late 90’s/Early 00’s) people referred to the internet as a Superhighway. It was a way of connecting to far off places without interacting with the points in-between. While the way the internet works hasn’t changed, our understanding of its interconnectedness has. When it comes to the internet superhighway, it’s not a highway with separate exits rising above all the mundane traffic below. We are more aware now than ever how close together we are online. Rather than a long “trip” to reach the other side of the world, we find that geographically far off places are sometimes closer online than geographically close places offline.

Oftentimes I hear business leaders say, “we don’t need to worry about security, we aren’t a target”. By this they mean “I don’t live in a bad neighborhood, I don’t see a lot of crime, so I don’t think I need to worry about crime”. It is the proverbial small town where no one locks their doors because crime is a problem for other people, who live far away. But the internet is more like a single suburbia. you can’t say you don’t live in a bad neighborhood. On the internet, we live so close to each other, that everywhere is a bad neighborhood, and we all need to have good locks.

A previous article on good enough security I wrote titled “Secure or Secure enough?” really flows together with this idea. Business leaders need to understand that the internet makes us so connected, that we are all at risk, and need the appropriate levels of protection. Now “Management’ is ultimately responsible for determining when security is ‘good enough’, but at a high level, we are talking about knowing what people, devices, software, and external connections are present in your environment. It doesn’t do much good to have a grade A firewall (lock) but have an insecure connection whitelisted through the firewall. That is like locking the front door but leaving the back door unlocked.

Right-sizing security to business needs is a skill. One which you can expect to have a substantial price tag. But it is an investment in both protecting your business, and in ensuring long-term viability. I so rarely see discussions on the return on investment (ROI) for security, but there is no better investment you can make in your business than security. Both in the protection of current revenue and profits, but in the increased profitability by reducing the cost and losses from incidents, whether criminal, natural, or unintentional.

We are all in a bad neighborhood, but we are not all at the same risk. Keep your doors locked and an eye on security, and your business will thrive.

Cyber-Security, Insurance, IT Security