Constant Vigilance Is the Price of Cybersecurity
Change takes time, but it seems that businesses in general, not just large enterprises, are realizing that cybersecurity isn’t a fad but a key part of most modern businesses. Wayne Hunter, Founder and CEO at AvTek Solutions, Inc., has been preaching that message for years and we recently had the chance to interview him.
Something unique about AvTek that shows how seriously they take cybersecurity is their $1M guarantee against ransomware. If ransomware gets past the defenses they erect for your company, they will pay $1,000 per endpoint, up to $1M. This guarantee runs alongside their “no risk switch.” If you’re not happy within 30 days of coming to AvTek, they will help move you to another vendor. And moving vendors is easy at any point because AvTek believes in earning a client’s business every day, so they don’t require long-term contracts.
Wayne shared an insightful story about a construction company that AvTek had been working with for years. The company had many recommended safeguards in place, which allowed AvTek to help recover, in a relatively short amount of time, the working environments that got frozen in a phishing attack. But the solution that would have helped them get up and running faster was immutable storage, which they had resisted implementing.
One of the advantages of cloud data is that it’s accessible from multiple devices, but that access also exposes the data to more vectors of risk. An immutable backup is a write-once-read-many format that cannot be changed, edited or overwritten. Read-only files cannot be lost, deleted, corrupted or encrypted in a ransomware attack.
Immutable storage can also be time-limited, allowing you to update or delete files within a certain period that the user specifies.
Business Functions Impacted in a Cyberattack
While some might think that a construction company would be less impacted than others by a cyberattack, the company faced three problems that are common in a cyberattack:
Work in Progress (WIP) can’t be billed. You likely cannot access information to see what has been invoiced, send invoices or receive payments.
Proposals can’t be accessed. Any information that had been gathered for a bid is locked away.
Payroll. Many employees have their time tracked electronically and, without access to systems, you can’t figure out what people are owed. Even if you could, you might not be able to pay them using the traditional payroll system.
Smaller Businesses Get It
Wayne also shared that while some enterprise-level companies may move more slowly on implementing a full suite of protections against cyberattacks, smaller businesses are more and more “getting it” when it comes to cybersecurity. They’ve come to realize that even though they are smaller, with client lists of 50, not 5,000+, they represent part of a larger scheme. By getting access to those 50 clients, cybercriminals can keep going and soon have thousands of victims.
Practice What You Preach
Wayne knows that it can be annoying to have to use MFA and other security measures. He knows because he has the same measures in place at AvTek that he recommends to his clients. Not only does this protect AvTek but it also gives them a sense of the user experience — invaluable when framing the sale as well as for the onboarding process of new clients.
Wayne reminds himself every time he enters a password on an internal system that information is at risk and that without these measures, there’s every chance that AvTek (and by implication, all their clients) will be attacked and exposed.
Even though Wayne explains to clients that what he is proposing is what he does in his own company, change is still hard. But Wayne welcomes having those difficult conversations and documents when clients refuse to take certain measures. Every quarter he will go back to them and continue to beat the drum for change. “Documentation and communication,” he says. Clients may still refuse but Wayne will have proof that he’s been doing his job.
A Security Triangle
Part of that communication has to exist within your cybersecurity solution, as well. Cybersecurity isn’t just the measures you take. It’s the compliance you ensure you are meeting for your industry. It’s also the insurance you have in case anything goes wrong. Wayne advocates for an open line of communication — and collaboration — between these three partners. Silos between these partners can undermine the very cybersecurity that companies are trying to establish. Wayne emphasizes that “completing that circle” between these partners offers a much better security posture.
Now, if you’re dealing with a managed services provider (MSP) like AvTek, two angles of that triangle might be with the same provider: Wayne and his team provide both cybersecurity solutions and compliance assistance. There is the chance of a conflict of interest there and Wayne provides an analogy:
“If I’m walking out the door, I might always think I look good. But if I ask my wife, she might not agree.”
To guard against this, AvTek puts in checks and balances to ensure that compliance and security are looked at as the separate issues they are, rather than a blurred combo of the two which can lead to more risk.
If the worst happens, you’re going to want the best financial, legal and technical support to get you back up and running again. With cyber insurance from DataStream, we find the most comprehensive insurance coverage on the market alongside critical post-incident customer support.