Three Mistakes that can Kill Your Business

No matter what line of work you're in, constantly expanding upon your knowledge and skills is the best path to reach the next level. I'm a firm believer that mistakes are a great learning opportunity, but you don't have to pay the high price of learning the lessons in this article. Read on for three mistakes people make that can kill their business for good!

You built something great.. now learn how to keep it that way.

How many countless long days, late nights, and thousands of hours have you invested into planning, building, and running your business? With some simple planning and preparation, your business can be prepared for nearly any security incident, and will be ready to quickly and efficiently respond when something does happen.

Three Mistakes you can learn from:

• Being Unprepared for Business, Cyber Risk Insurance, or Regulatory Compliance Requirements

Compliance requirements can stop a business deal in its tracks. Regulatory compliance penalties come in the form of fines and legal consequences. The fines can be huge, depending on how far off the mark your business is. Work with experienced professionals that can help you efficiently navigate your security program and compliance needs. In addition to avoiding fines, exercising Due Care and ensuring that things are up to snuff with your security and privacy will help you when your business files an insurance claim or has to deal with a lawsuit. If you ignore your insurer's requirements (often very aligned with regulatory requirements), your claim can be denied, forcing you to shoulder the entire burden of a costly incident.

• Ignoring Risks to Reputation

Does your business have a plan for how to properly deal with an incident? Have you practiced it? If you have an incident like a ransomware attack or a data breach, how your business responds will be in the spotlight. You might even make it onto prime time local news. Train your team on what to do, and who should be designated as a spokesperson to customers and media. Incident response plans are simple to develop, and training your team on them takes only a couple hours each year. Screwing up leads to lawsuits, a terrible public reputation, and possibly law enforcement getting involved. Things DO happen, and people DO hear about it. Be prepared to respond- for you, your employees, and your customers.

• Inadequate Resiliency - Welcome to Business Continuity and Disaster Recovery Planning

Modern businesses are driven by technology, and rely on a connection to the internet. Many do not perform adequate planning and training in regard to business continuity and disaster recovery. What’s your plan if you lose the file or database server that has your financial records and client data from the last several years of operations? If your data center is flooded, can you acquire replacement equipment and get it back online in a day, or do you have a backup site ready to fail over to? With some pretty simple planning efforts ahead of time, you can avoid scenarios like that. Many businesses that experience an extended outage or huge data loss end up closing their doors permanently. Be prepared- get a routine backup process going in your operations, and have contingency plans in place so that you have a "Plan B" for your data, systems, and operations for when stuff hits the fan. 

A great starting point for all of this is to conduct a holistic risk assessment (such as our Rapid Security Audit® to measure where your security and risk management programs are today, and identify any gaps that need addressing. There’s enough to know about that this is an entire professional domain of knowledge. Experienced professionals will help you quickly and efficiently get things in place to mitigate risk, so that you can return to focusing on growing your business.