Welcome to Week 2 of National Cyber Security Awareness Month, and US Pro’s journey through the steps of understanding that can change behavior patterns, which will make us all achieve our goal of how to #BECYBERSMART.
Last week’s topic of UNDERSTANDING WHY ANYONE IS AT RISK provided an inside look at the inside coming out risk that causes Cyber events. We learned that the external threats of hackers and cyber criminals are only successful because of the behavior patterns and human nature of your employees that allows it. This week we expand on this idea in a more illustrative way as we dive into THE MEANS TO AN END IN THE DIGITAL AGE.
The last 20 years we have seen an amazing advancement in technology which has created for us a digital footprint – both personally and corporately. This new aspect of our identity was not present prior to the internet age and brings with it an entire spectrum of risks that businesses simply do not see. A big part of the problem with how we work now is that most of what we do exists in a non-physical realm. If we can’t see it, hear it, taste it, feel it, or smell it, it becomes “out of sense, out of mind” to us.
Another part of this problem is the learning curve. In the world of computers, programs, processes, and even the language of the industry, it becomes white noise to many people. Still others know enough to pretend they know, but are one step away from falling off the cliff. Making matters worse, the curve has a very big gap in it, so there is a big variance in basic Cyber literacy in 2020. This creates exposure to loss.
We have embraced the use of technology and all of its conveniences and abilities, and we have ignored all of its threats and its vulnerabilities. Interestingly, with all of this improvement in business process, product development, distribution and data management, the end is still the end after all.
The story of Joe’s Pizza illustrates this dynamic:
Joe makes pizza. Joe’s Pizza was started back in 1978 by Joe Sr. Joe Jr. back then was little Joey, and it was a different world. Each day, Joe Sr. would go down to the store and open up the restaurant. Back in those days, pizza was still served in restaurants besides takeout/delivery. Joe would go through his kitchen and pantry each day and take a manual inventory of food items that needed to be ordered. Joe would spend time working on an advertisement or coupon he wanted to be put into the Penny Saver. Joe had a sign that lit up at night out in front that said JOES PIZZA. Joe would get pizza orders by telephone, which would often have a busy signal if too many people called at the same time. When the customers paid for their pizzas, they would pay with cash or check. Credit card were rarely used, and if so, the imprint machine had to be dusted off. Debit cards did not exist. Employees were paid by paychecks, which were handwritten and calculated in the back office. Finally, the daily earnings had to be brought to the bank to be deposited.
Joe’s biggest economic risk back in those days was from fire damage to his building.
Joe Jr. makes pizza. Joe Jr. now runs the same restaurant his father started, and they are celebrating their 42nd year in business. Each day, Joe goes down to the restaurant. Twice a week, he opens up his computer and makes an order for supplies based on the inventory he needs. He knows what he needs because Joe Jr. installed an automated inventory system that will alert Joe well in advance of when ingredients or supplies run low. This allows Joe to order less frequently based on better knowledge of how much product he uses and how often. Joe has a special for a $22 XL cheese pizza on his website, www.joespizza.com to celebrate the anniversary. Simply log-in, download and print the coupon. You can also do this on the mobile app Joe had made for the restaurant. Joe still has the sign-up and added a message board that has automated daily specials programmed to scroll across it. There is a lot less restaurant space today, and that space was converted into a larger kitchen to handle the increased volume of orders from GrubHub, DoorDash, online, mobile app, and the telephone. Checks are no longer taken, and most of his business is paid for by credit or debit card. Employees are paid electronically, many with direct deposit into their accounts or by check. Finally, deposits are still made with the little cash they get, but less frequently due to the lower values.
Joe’s biggest economic risk in these days is from an extended business interruption event as a result of a systems failure.
In the illustration the end is still the end. Pizza is still the product sold to customers. But what has changed is the means to get to it, and the risk from it. Joe’s reliance on his systems for inventory, payroll, phone systems, POS systems, security systems, and website all create a big financial risk for him in the event of failure from ransomware or other factors besides service outages or physical damage. Joe has risk to privacy compromises and the associated breach response costs and PCI/DSS fines and assessments. Joe has the risk of being a victim of a phishing attack event that causes him financial loss. Joe has a lot of other risks than just these.
The message is that the means to an end in the digital age brings with it a new area of risk that has the likelihood of not being able to recover from without a comprehensive disaster plan that includes adequate Cyber insurance.
Join us next week as we look closer into the cyber threats of Ransomware, Phishing Attacks and BEC Events.