We can’t put off cyber concerns

The words projected on a screen sent the terse message, loud and clear: Terrorists and criminals no longer have to be in faraway places. Through the Internet, they’re in the room with you.

That was the overarching theme Tuesday throughout the latest Breakfast with the Journal at Embassy Suites. The panelists, Doug DePeppe and Jeff Beauprez, are well-known for their expertise about all things related to the Internet. They minced no words in describing what kinds of real threats face the typical local business — not to mention everyone who uses a computer, for personal or work reasons.

We all should be alarmed, they said, over and over. Seriously alarmed. And if we procrastinate any longer in addressing it, we risk the worst of consequences, including legal liability.

Cyber security no longer is a subject for the future, something to address in another year or two. We should be facing it now, doing whatever we can to minimize our risks.

This task takes several forms. One is simply securing all business (and personal) data, routinely making sure it’s safely backed up via dependable cloud computing technology. That should be the First Commandment for any small business, as we lean so much more on instant access to our work and proprietary information. But that single office computer, or server handling multiple users, isn’t sufficient in today’s world.

Even more ominous, however, is preparing for the certainty of cyber-attacks. Yes, on your business, just as it happens for us. Just one example: Recently we at the Business Journal discovered that outside sources were trying to log in to our online system. They failed — this time. But perhaps next time they’ll succeed. We don’t think they could cause much damage, but it’s naive to think we’re invulnerable.

Consider this scenario, brought up by Beauprez: You have a worker using a laptop, which he or she takes home. Kids turn on the laptop, go on social media or elsewhere, click on unknown links, and the laptop is silently contaminated. It goes back to the office, the worker plugs into your system, and presto, evil malware invades and wreaks havoc. (For the uneducated, malware means software or even simple codes designed to steal private information, access systems illegally or simply paralyze computers.)

Don’t assume those innocent apps for your phone or tablet are automatically safe, either. As DePeppe shared, in 2011 there were 1,000 known instances of phone apps including malware. In 2012, that number rocketed from 1,000 to 350,000.

Scared yet? You should be.

This problem is not going away, and as DePeppe and Beauprez warn, we can’t depend on the government to solve it. The goal for any business now, they say, is not to prevent harmful cyber-attacks. Anymore, the priority is to detect those attacks and respond effectively. They’re using terms now like “cyber risk management” and mantras like “think before you click” on any link, attachment or request, no matter how legitimate it might appear to be.

As Beauprez emphasizes, the cyber strategy for any business should cover these basics: policies, procedures, training and risk management. Not by 2015, but now. We’ll continue to do all we can at the Business Journal to raise the awareness.

But regardless, consider yourself warned.