We sat down with business luminary and “Shark Tank” investor Robert Herjavec to discuss what data security means in a digital world.
You have an innate passion for data security, what was your earliest source of inspiration to get involved in this industry?
I’ve been in this industry for over 30 years — long before there were headlines about security breaches and risk in the media every day. It was a growing space, even back then and I was simply looking for work. I was fascinated at the time by how security was adapting to business need and not leading business transformation. Now it’s 50-50. A lot of our business is driven by compliance.
What was the most important lesson someone taught you about protecting your business and financial information?
It’s the same lesson that helps me drive my business — only the paranoid survive.
In the cyber industry we love to say, “It’s not a matter of if you will be breached, it’s when you will be breached.” It’s not a fear tactic, it’s just reality. It’s important to never rest on your laurels. Always be planning, patching and updating systems. Understand your data, your access controls and your scope. Be paranoid.
What are your top data protection tips?
Train your staff on how to spot potential cyber threats, especially considering ransomware is often spread through online phishing campaigns. You also want to ensure that all data is backed up at regular intervals and is kept off the internal network. Make sure that all software applications are patched regularly — 44 percent of attacks are often due to unpatched code that’s two to four years old.
Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code can execute malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources.
Get the help of an expert advisor in security. You don’t know what you don’t know — and likely don’t have the manpower to support the size of your organization’s infrastructure. You can benefit from advanced data correlation and threat intelligence by engaging an expert.
What’s the biggest mistake you see others make when protecting their data or businesses — in your professional life or trending overall in the data security world?
In the personal space we want things to be easy and we forgo security — easy passwords, all the same passwords, open networks, public wifi, etc. We do our banking at Starbucks — it’s crazy. We have evolved significantly in the enterprise space in terms of understanding cyber risk and putting measures in place to protect our businesses, our employees and our customers, but we have a long way to go. Data is used as a weapon today, and we can’t make a one-and-done investment and assume things will get better. This battle requires ongoing investment in technology, in training and constant monitoring.
Best advice for someone who believes they already have all the data security and protection tools under their belt needed to protect their own business?
I shake my head because there is no such thing as perfect security; only the paranoid survive.