In August 2020, Interpol warned of the “alarming” increase in cyberattacks during the COVID-19 pandemic. “In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of Interpol’s private sector partners,” states the report.
As the global economy shifted to remote work and more of our business and social lives rapidly made a digital shift, the opportunities for cyber-criminals and malicious actors grew. “Increased online dependency for people around the world, is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date,” continues Interpol.
Vertical market software companies are not immune to this growing threat and company leaders should understand how to protect their businesses and customers.
Leigh Heritage, director of data security at Volaris Group works with executives across the Volaris portfolio to help them manage threats and improve their cyber-resilience. With 24/7 managed services, coaching, training and threat intelligence, Heritage and his team help companies understand the threats they face and how they can proactively manage the risks of data loss or breach.
“We can help companies understand types of attacks they will face due to their market, their customer profile, and trends in their vertical,” said Heritage. “It can be worrying to read the headlines and see huge data breaches like SolarWinds or the DNC attack. No one wants to be part of a breach, but it can be tough to know practically what to do.”
At Volaris, it starts pre-acquisition
As an active acquirer of vertical market software firms, Volaris sees firsthand how smaller companies may struggle to resource cybersecurity.
“We look at dozens of data points at firms we’re considering acquisition of to understand their regulatory compliance requirements, inherent risks current posture to determine what we will need to do to get them up to our minimum standard. Some companies, especially those with some experience in security, do a great job on this front, but for many they are unsure of where to start and what investments to make.”
Volaris helps put a standard package of security technologies in place and can support with activities like scanning code for vulnerabilities or carrying out security audits. It’s a pragmatic approach that helps executives focus on actions that will have the most impact.
“It is absolutely critical that we help companies be great stewards of their customers’ data. It’s the right thing to do, but also it is important to maintaining brand reputation and credibility in their markets. No one wants to be in the news for a ransomware attack,” said Heritage.
How executives should approach data security
Heritage’s advice to executives is to focus on the moves that can have the most immediate impact. “When we look at cybersecurity or data privacy, we take a pragmatic approach. Let’s get you set up with the processes, programs and tools that are going to have the most impact,” said Heritage.
For vertical market firms, this means understanding the specific threats affecting their profile and their market. Industries and sectors such as government, transit or healthcare may need to take a more stringent approach than industries that face fewer targeted attacks. Get an understanding of the threats in your industry – how sophisticated they are and where they will most likely attack – and build a strategy that is informed by this intel.
Executives also need to get a handle on where their data resides; you should have a complete view of where your data is being stored. What systems store financial data? What data types do you hold? You cannot protect what you cannot find, so start by mapping your systems, business processes and data sensitivity.
As more of your team works remotely you cannot protect employees in the same way. Your employees’ home routers may never be as well maintained as your office networks. This means that security approaches need to shift. Focus on protecting data and securing endpoints – not just company networks. It’s a move that will add value once we are all able to travel again, too. As companies move back to more frequent business travel, strong security practices designed for remote work will also help protect your company’s road warriors when they log onto the hotel’s free Wi-Fi.
Leaders should take a holistic view that recognizes that sometimes the weakest link can be human error. Taking care of the small stuff like phishing literacy training, stronger password requirements and approval processes for SaaS applications can make a big difference to your overall security posture. Don’t forget the role that security awareness, intelligence and training play in maintaining a culture of security in your organization.