Robert Herjavec Breaks Down How to Navigate Data Security
Business Solutions We sat down with business luminary and "Shark Tank" investor Robert Herjavec to discuss what data security means in a digital world.
10 Steps to Minimizing Cybersecurity Threats
Here is a list of 10 things you can do immediately to minimize risk of your business being compromised by a digital security threat.
1. If you use computers, you are vulnerable. Make a list of connected resources, devices, software and services you use, and understand how to secure them.
2. Introduce the idea that data access is a privilege, not a right. Data should only be available to those who need it.
3. Back up your data to two separate locations and update hourly so you never lose more than an hour of work no matter what happens to your source.
4. Most malware comes in through emails or bad websites. Concentrate first efforts of defense by filtering emails and web traffic. Get a good firewall to separate your office from outside. Using a good DNS makes it possible to filter out dangerous websites.
5. Teach yourself and your employees what not to do. For example, avoid clicking on incoming unknown email attachments or opening emails from unknown senders.
6. Update every piece of software you own as often as possible.
7. Split your WiFi network up in segments that cannot ‘see’ each other. In that way, you limit transparency for intruders.
8. Change your passwords often.
9. Do not open email with Office documents — they can contain infected macros.
10. Avoid public cloud services made for consumers. They are free but bring risks.
SOURCE: Richard Jonker, Vice President of SMB Product Line Management, NETGEAR
You have an innate passion for data security, what was your earliest source of inspiration to get involved in this industry?
Robert Herjavec: I’ve been in this industry for over 30 years — long before there were headlines about security breaches and risk in the media every day. It was a growing space, even back then and I was simply looking for work. I was fascinated at the time by how security was adapting to business need and not leading business transformation. Now it’s 50-50. A lot of our business is driven by compliance.
What was the most important lesson someone taught you about protecting your business and financial information?
It’s the same lesson that helps me drive my business — only the paranoid survive.
In the cyber industry we love to say, “It’s not a matter of if you will be breached, it’s when you will be breached.” It’s not a fear tactic, it’s just reality. It’s important to never rest on your laurels. Always be planning, patching and updating systems. Understand your data, your access controls and your scope. Be paranoid.
What are your top data protection tips?
Train your staff on how to spot potential cyber threats, especially considering ransomware is often spread through online phishing campaigns. You also want to ensure that all data is backed up at regular intervals and is kept off the internal network. Make sure that all software applications are patched regularly — 44 percent of attacks are often due to unpatched code that’s two to four years old.
Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code can execute malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources.
Get the help of an expert advisor in security. You don’t know what you don’t know — and likely don’t have the manpower to support the size of your organization’s infrastructure. You can benefit from advanced data correlation and threat intelligence by engaging an expert.
What's the biggest mistake you see others make when protecting their data or businesses — in your professional life or trending overall in the data security world?
In the personal space we want things to be easy and we forgo security — easy passwords, all the same passwords, open networks, public wifi, etc. We do our banking at Starbucks — it’s crazy. We have evolved significantly in the enterprise space in terms of understanding cyber risk and putting measures in place to protect our businesses, our employees and our customers, but we have a long way to go. Data is used as a weapon today, and we can’t make a one-and-done investment and assume things will get better. This battle requires ongoing investment in technology, in training and constant monitoring.
Best advice for someone who believes they already have all the data security and protection tools under their belt needed to protect their own business?
I shake my head because there is no such thing as perfect security; only the paranoid survive.