Cyber Security: The Trend is Not Your Friend

I was once told by a good pal of mine, “the trend is your friend.” And while that might work quite nicely for him during his many days and nights in Atlantic City casinos, I am here to assure you that recent experience with clients is proving that not all current trends are your friend. The number of cyber and information security breaches that I have encountered in just the past 60 days is a trend that some of you might want to take care of sooner rather than later.

One common myth that persists within small and mid-sized companies is that they are too small to be a target. On the contrary, this is the exact target that the evil hackers are looking for. This is likely because (back to the trend) there are few or no cyber and information security controls in place. With no defense, they barrel right through and find the jewels.

Are you experiencing this trend? Take a minute to reflect.

Have your bank routing numbers mysteriously been changed, and have you lost $$$?

Are you a victim of a ransomware attack?

Has a senior leader or owner been personally held for cyber ransom because their identity has been compromised?

Are you getting what look like legitimate emails from employees asking to have things changed, like new banking information?

Have you wired $$$ to what you thought was your regular account when, after the fact, you realized it was not?


Of course this list can go on and on, but I will cut it short. The fact is, more and more small and mid-sized companies are becoming the target of cyber-attacks. Thankfully, a more positive trend is that more people are calling us to address this business risk before it becomes a large problem. That is a trend that I am very happy to see and I would encourage all of my readers to follow.

If you are experiencing anomalies that you just cannot figure out, or if you are the victim of a cyber-breach and are looking for ways to ensure that it does not happen again, there are things that you can do today to move the pendulum in your favor. Some of these can be done internally, while for others you will likely need to partner with a cyber and information security firm.

Perform a health check – take a look at the people, processes and technology that you use today and determine if they are suitable to prevent and detect a cyber-breach.

Phishing simulation and awareness – the human continues to be the weakest link. Strengthen the human firewall within your company and perform phishing campaigns and security awareness sessions on a quarterly basis. This is not simply training but changing your culture and making it part of everyone’s DNA.

Security monitoring – many people think that because they have an IT partner taking care of IT, that partner must be watching their network for malware, hackers, breaches, etc. They (most likely) are not. You need someone to watch your network 24×7 to help ensure proper cyber security hygiene.

Password management – yes, we talk about this over and over and over again. However, the trend continues to show that many people still use the simplest passwords, like password or 123456. Reverse the trend and start using two-factor authentication.

Business continuity management – disaster recovery plans that can actually be executed and can restore data within a day will help ensure that you continue to be in business and are not the victim of some sort of business disruption.


The end goal is to commit to yourself and the employees that rely on you to create a cyber and information security roadmap (like the one below) to help ensure your business risks are kept to a minimum. THIS new trend will, indeed, be your friend. This does not have to happen all at once; this is a journey. We can travel this road together and reverse the vulnerabilities that you may have and prevent others from entering your company. Together, we can provide you the peace of mind so that you can focus on your bottom line.

Karl Kispert recently spoke at Industrial.Exchange’s Private Equity Info Day and will be a speaker at the IndEx 2019 summit in Miami Beach on May 6-8, 2019. He is a Principal at Grassi & Co.