Ask Tech Effect: Is Security Overrated?
There’s been a lot of talk lately about attacks on company computers and the damage it can cause. People are getting worried and nervous for understandable reasons. After all, no one wants to be the victim of an attack.
People start talking about improving IT security, but they don’t know where to start. There are terms like firewalls, viruses, hackers and networks that they don’t fully understand. Business owners struggle to find the resources to prevent a threat and care about the threat.
Eventually most people don’t think security is relevant, and they start to believe that all the hype about “security” from IT companies is just a way to squeeze more money out of customers.
You think there’s a fear train going around, and experts are using that fear train to make a profit off of customers when there isn’t a need.
Getting good quality IT security isn’t cheap, and many people are quite used to having free security solutions you can find everywhere on the Internet. High quality IT solutions, such as those designed by IT companies, may be more than you are willing to afford.
That’s why you often hear people say “Basic Internet security is enough, there’s nothing wrong with it, and we’ll be perfectly alright”. When people put out products such as paid anti-virus or paid storage, they are often disregarded as “money traps”.
But are they really money traps? It seems that people are so comfortable with the fact that free solutions are available, as well as the fact that attacks don’t happen to them often, and thus they don’t think they need a robust security system.
The truth is, attacks can happen to everyone, and it’s not smart to look away from the threat it can pose. While some security solutions and products really are untrustworthy, not all of them are, and you should start thinking about how you can tell security is relevant for your company.
The Threat Is Real
First off, the attacks. Many people think that because they haven’t had a major attack happen in their company, no one’s looking to hurt them and they don’t need to invest in security, or care about basic safety procedures.
By that logic, your house has never been robbed before, so clearly no one wants to rob it. It’s perfectly fine to leave your windows open and your front door unlocked. After all, no one’s robbed your house before, so no one’s going to check!
You would think I was crazy if I said something like that.
That’s why the same logic for IT doesn’t work.
Just because no one has targeted you yet doesn’t mean people are never going to attack you. Thefts online don’t always work as thefts in real life.
You still have people looking around for targets to hack, and you are not always going to find them by looking at the shady people who are standing around your building, waiting for that one moment you are careless.
We are talking about individuals who are creating traps for unsuspecting people to fall into. These are individuals who understand how people think, and are constantly innovating ways to attack us. People have fallen victim to traps not due to their lack of intelligence, but because they are facing a threat they’ve never seen before.
Your company’s IT is like your house. Your actions on the computer are the basic security measures.
Hackers can still bypass your basic security measures, because you’ve either forgotten them or fallen into such a routine trap that you don’t pay attention to what you’re doing.
No one willingly invites an attack (unless you’re a company doing a controlled experiment), and the threats are truly devastating.
It’s a cliché when I say that the threat is real and you need to be cautious, but it’s true.
Just because attacks don’t happen often doesn’t mean they don’t happen.
But The Attacks Are Just A Simple Virus For Pop-Ups, Right?
You’re not wrong to think that way, but attacks have grown since then.
People first started attacking other computers just because they could. The attacks started out as relatively harmless pranks.
But as more business was being carried out through the Internet, people realized that there was a lot of money you could make by going online and taking money from businesses.
Then the attacks started getting more intense, with password thefts and viruses affecting users and slowing down business, to the rise of ransomware and information theft.
As our technological prowess increased, so did the number of crimes that could be committed.
This wasn’t helped by the creation of Bitcoin, which has become the virtual currency of choice for these criminals. You can’t trace Bitcoin, which means it’s harder to find criminals, and you’re often in a situation where if you didn’t backup properly, you have to make a hard choice.
A choice between paying the money and encouraging the crime, or attempting to act strong but losing access to your hard work.
Cybercrime (crimes on the Internet) are evolving into threats that people are having to take seriously. You might still run into the attacks of pop-ups and other annoying problems, but harmless attacks are not too common anymore since people realized money could be made.
Put it this way; suppose you are right that the worst attack out there is going to be harmless. At best, it’s an IT problem that can be quickly resolved. At worst, it could cost you a lot of money, time and emotional stress.
Regardless of the outcome, someone was still able to attack your system, and it’s a hole that you shouldn’t leave unchecked.
I’ve Not Heard Of Attacks In My Local Community
One of the biggest reasons people are unprepared for cyber-attacks is that they rarely hear about a person getting hit by any attack.
You might have the big news story of a large company getting attacked, but you never hear about attacks from your local competition, or even experience these attacks from yourself.
The worst attack many people encounter is just an accidental virus, or a lot of pop-ups. Annoying, yes, but you usually don’t start having panic attacks and alert the media when it happens.
Unfortunately, just because you aren’t seeing and hearing of any attacks does not mean there are no attacks.
We often forget that the world doesn’t revolve around us, which is a big trap that many people tend to fall into. As a result, we underestimate the severity of the attacks with the reality of it happening.
To be fair, it’s true that many people won’t be the victim of an attack, so it’s not unreasonable to believe that you won’t be targeted in the near future. However, times change, technology changes, people change and crime changes.
There may be a time where people think it is profitable to target small businesses, who are greatly underestimating the potential threat.
It does sound a bit like fear mongering, and let’s be honest, you will have to do a little fear mongering to show people the problems they aren’t noticing.
But what IT security experts want you know is that these threats can happen, and it may eventually become a matter of when you are attacked, not if you are attacked.
Besides, only getting security AFTER an attack has happened is, as most people will tell you, rather useless. If the threat has occurred, you’re not going to fix it by using prevention tactics.
When experts tell you to think about security, they’re not trying to use your fear as a way to make money. They want you to think about the damage that could occur if you ignore security, and show you that you don’t have to be helpless if and when it happens.
But The Solutions Are So Expensive! They Must Be Overcharging!
The costs of a good solution will obviously seem greater than what most people would believe. As with most technology related products, prices are not cheap. This immediately has people thinking that technology is a rip-off, and it’s easier to do it yourself.
To be fair, it’s not unreasonable to go with a DIY mindset. Everyone wants cheap prices and the best quality. If a solution is good enough to make it by yourself, why would you pay an expert to do it? After all, that’s why a growing number of people are learning how to build their own computers.
However, the area of security is very different than you might expect. The technology and expertise that experts have is most likely going to be different than what you have, which also limits your security options.
For example, backups are a security area that people are able to do themselves. Keeping a backup on your files is much easier now that we have portable storage media, such as external hard drives, and the prominence of cloud storage, which allows us to store files online.
On a personal level, it’s not too difficult to do a DIY solution. All you really need is an external hard drive and a cloud solution like Google Documents.
However, when we get into the business setting, that’s a bit different. You’re going to have customer information, business information and operational knowledge that you have to deal with.
These types of information update on a constant basis, and you might not be able to properly backup data using the same tactics you use for files at home. You can try, but eventually the effort will take over a lot of your scheduled time.
Also, most free cloud solutions were just designed for general storage, such as your personal files. They often don’t have the advanced security necessary to defend them, because the expectation is that people won’t put business secrets and other confidential information online.
Technology companies also have to keep up to date on online threats that hackers make. They do their best to work harder than the attackers so that you can rest easy knowing that your knowledge is safe.
Free solutions are designed to give people a taste of what they can offer. Just like any service, a paid solution will contain more features, with experts providing better support and security.
Now, you might wonder why companies aren’t just giving these services away for free. After all, they gave out a free service, so they should make everything free, right?
However, just as your company is not going to give out their services for free, you can’t expect the same of other companies.
People need to make money so they can eat, sleep and provide their services continuously. Think about it; if you wouldn’t provide your services for free, why should anyone else do the same? Businesses are created for profit, even not-for-profit charities need money to provide their services.
Think about it too, how much would it cost you to provide a solution that you create yourself? A technology expert has the expertise to create a solution that would most likely be implemented faster and more effectively than you could. That’s why they’re the expert and you’re not.
If you really think the solution is too expensive, then you need to carefully consider what you are paying for. Smart shopping habits apply; don’t be afraid to ask other technology companies and get quotes from them.
Now, some companies will try and get as much money as possible, but this is true in every industry. That’s why shopping around is important. Talking to your IT department and/or experts will help you determine what your needs are, and what security measures are necessary.
If You Would Secure Your House, Secure Your IT
If you think IT security is overrated, you’re unaware of the potential threat that could be looming.
With most of our financial transactions, information and contacts online, it’s a treasure trove of goodies for thieves.
Is security overrated? That depends.
But if you’re not sure how you would handle the complete theft of your information, your files held for ransom, or data leaks ruining your business, it’s time to think about security.
It’s not “just another story” if it’s your data on the line.
If you’d secure your house, you should secure your IT. Your customers, employees and colleagues will thank you.
We hope you enjoyed this article! If you liked it, share it with your friends and family, and follow us on Facebook, on Twitter @mspblueshift and on LinkedIn! Call us at 1300 501 677 for a look at your IT today!