How Technical Debt Opens the Door to Cyber Attacks—and Steps to Protect Your Small Business

The virus pandemic of 2020 is severely disrupting the economy and the large and small businesses that drive it. Poor practices such as ignoring safe distancing, insufficient sanitation, and not mandating mask-wearing open the door to infection of customers and staff and threaten the viability of a business.

Similarly, poor practices that allow a business to incur technical debt open the door to cybersecurity exploits that can bankrupt a business financially or through loss of trust and reputation in the eyes of its customers. Leaders of small and medium-sized businesses (SMBs) often think their size lets them operate under the radar, as less attractive targets to bad guys. But, actually, their lack of robust security strategy and resources makes them easier to penetrate. And, sadly, the National Cyber Security Alliance (NCSA) reports that 60 percent of small companies are unable to sustain their business more than six months following a cyberattack.

Years of experience working with and advising businesses domestically and internationally have shown that business leaders find it difficult to recognize tech debt and how it exposes cyber vulnerability. As technology has evolved over time from mainframe to client-server to the Internet and now the cloud, the impact of a new Tech Debt 2.0 has grown stealthier and more sinister. This is especially true for SMBs that lack the resources to apply to cybersecurity. CEOs and CFOs managing technology may not recognize tech debt building up in their SMBs—because it is not revealed in monthly variance reports or other accounting controls. Someone in their organization, without explicit or implicit authority or oversight, may be making decisions adding to the Tech Debt 2.0 load and increasing exposure to cyberattacks. Let’s look at how that might happen and how to prevent it.

Old and Obsolete Infrastructure:

Azeotrope, an aerospace firm in the Southeast, realized they were compromised when a number of clients complained of receiving invoices from Azeotrope that contained confidential information about their client’s orders and projects. Months of investigation by a cyber consulting firm finally determined the source of the vulnerability to Azeotrope’s network: a combination printer/fax machine in their testing and QA area that engineers regularly used to fax lunch orders to a local Chinese restaurant. Because the device was connected to the company’s network for printing purposes, it provided network access using out-of-date, insecure facsimile protocols. This gave the bad actors access to the company’s customer accounts and valuable data.

“Fax is an ancient technology; the protocols we use today haven’t been changed for the past 30 years,” notes Yaniv Balmas of Check Point Software, a leading provider of cyber threat intelligence. “Fax data is sent with no cryptographic protections; anyone who can tap a phone line can instantly intercept all data transmitted across it. Fax is always sent unauthenticated. There are absolutely no protections over fax.” Balmas advises: “If you can’t stop using fax, segregate the printers, put them on a separate network.”

The Tech-away: Identify and remove obsolete components from your network. Not just equipment with obvious vulnerabilities like fax, but all equipment no longer supported and updated by the manufacturer for cybersecurity risk.

A Stitch in Time . . .

Patches are often created after a software or hardware company has experienced a data breach or recognized a vulnerability that might allow one. The patch is issued to ensure other businesses’ data remains safe. Applying a patch as quickly as possible lessens the risk of your business becoming affected. But it is each business’s responsibility to know a patch has been issued and to apply it promptly. That is patch management—a relatively straightforward process 10 or 20 years ago. Today, however, the vast proliferation of software and hardware components in our business environment has made patch management a complex, time- and resource-consuming necessity, critical to the cybersecurity of a business’s network. Failure to effectively manage patching is a main cause of accumulating excessive Tech Debt 2.0 and security penetration.

NETGEAR, a highly respected manufacturer of network equipment used in data centers, offices, and the homes of hundreds of thousands of people who are working from home now and, possibly, far into the future, recently sent an email alert to its customers. An excerpt is below. How would your CFO or CIO handle this?

Hello.

We have become aware of vulnerabilities involving certain NETGEAR products and have issued a security advisory.

We have released hotfixes addressing some of the vulnerabilities for certain impacted models and continue to work on hotfixes for the remaining vulnerabilities and models, which we will release on a rolling basis as they become available. We strongly recommend that you download the latest firmware containing the hotfixes as instructed in the security advisory. We plan to release firmware updates that fix all vulnerabilities for all affected products that are within the security support period.

Until a hotfix or firmware fix is available for your product, we strongly recommend turning off Remote Management in your product. Please follow the steps below to turn off Remote Management immediately. . .

The Tech-away: Take steps to reduce the burden and complexity of patch management. Adopt software and hardware that automatically detect and apply patches. Look for opportunities to shed responsibility for patch management through outsourcing cybersecurity responsibility or utilizing cloud services that provide monitoring and patch management services. Tech Debt accrued through failure to manage patching effectively can fatally compromise your network and business.

People, Policies and Processes

Of greater consequence than obsolescence and patch management to Tech Debt 2.0 and cybersecurity are the people, policies, and processes that make up the culture and collective mindset of a business organization. Properly patched, up-to-date infrastructure is not going to stand in the way of the accounts payable clerk or chief marketing officer who clicks on the attachment to an email from some bad actor posing as a trusted vendor or prospective customer. Equally dangerous is the computer operator who props open the data center door to make it easier to allow the guy who says he’s the A/C maintenance engineer to get in and out. Or the CEO who shares her password with her husband and children so they can access her mail and messaging accounts.

Establishing a data security mindset from the bottom to the very top of an organization is a basic essential to safeguarding a business from cyberattacks. Policies and processes must instill in all the company’s people an always-on awareness of their responsibility to protect the physical and digital assets of the enterprise. That mindset needs to be reinforced frequently and backed up by actions that demonstrate commitment and consequence behind company policies and processes.

The Tech-away: Formulate and clearly communicate policies and processes governing any actions that involve cybersecurity. Visibly demonstrate across the organization the commitment to security.

Make cybersecurity awareness a visible priority for every person in the organization.


About the Author

Michael C. Fillios is the founder and CEO of the IT Ally Institute, a nonprofit organization providing small and medium-sized businesses (SMBs) access to knowledge, research, and practical tools to improve their tech bottom line. A senior global business and technology executive with more than 25 years of experience in IT, finance, operations management, and change leadership, he lives in Mason, Ohio. His new book is Tech Debt 2.0™: How to Future Proof Your Small Business and Improve Your Tech Bottom Line. Learn more at www.itallyinstitute.org.

7 Professional Development Goals To Set Today

No matter what career you set your mind to, you’ll have to create a set of professional development goals, so that you stay on top of your game. It’s also important to invest time and energy into your professional development, since they focus on your functional expertise, accomplish tasks in your current job, and prepare you for the next step in your career.

Here are 7 goals that you need to set for professional development today:

1. Start With An End Goal

You heard right! Start with the end!

“To start with an end goal means to think about the future,” says Joan Smith, a business coach at NextCoursework and Write My X. “In other words, work backwards. As you work backwards, you’ll find your answers easily. Figure out what it will take to get to each goal, the skills and experience needed, and any other required training or certification.”

Here are questions to consider when thinking about your end goal:

  • Where do you want to be in a few years?
  • What will your title be in a few years?
  • What kind of company do you wish to work for?
  • What new skills will you have, by the time you’re hired for a company?
  • What will your achievements be?

2. Remember Why You’re Here

Do you sometimes feel overwhelmed, to the point where you question how you’ve picked a profession to begin with? Don’t worry – we’ve all been there at some point.

In fact, part of your professional development goals should be to make sure that you don’t get burned out of what you’re doing. Instead, take some time for yourself to quietly reflect on why you’ve chosen your profession in the first place. Also, think about the people that you’re affecting with your profession. Once you reflect on these things, you’ll get a clear understanding of why you’re here, and then come to appreciate it more.

3. Be SMART

Try the acronym SMART to figure out your objectives, and learn to reach them:

  • Specific: Your goal must be clear and specific, and it’s what you want to accomplish. Also, think about why that goal is important, who is involved, where it needs to be done to complete the task, and what resources you need for it.
  • Measurable: A goal should be trackable from beginning to end.
  • Achievable: The goal has to be realistic, to ensure success.
  • Relevant: Your goal must matter to you, and also align with your other goals and long-term plans.
  • Time-bound: Your goal needs a deadline to maintain accountability.

4. Strategize Each Goal

It’s important to have strategies for each of your goals – not just one of them. First, break down your goals into smaller tasks to give yourself achievable milestones as you progress.

Afterwards, ask your HR department if there’s a budget for learning and development. If so, sign up for a course, and learn as much as possible. Finally, when you take a certification exam, make sure you study prior to testing.

5. Establish Relationships

Relationships matter in many industries, including retail, real estate, customer service – the list goes on. No matter your profession, you have to cultivate relationships with your customers, so that you can be a shining star in your community, and positively affect people’s lives with what you have to offer.

6. Check In With Yourself Often

“It’s important to check in on yourself every so often, when developing your professional goals,” says Hayden Wilkinson, a writer at Britstudent and Australia2Write. “In other words, set up a time weekly or monthly to track your progress, and see how you’re doing. If necessary, you can have a friend or family member check in on you to see how you’re doing every week or month, so that you’re giving your best all the time, every time, in your profession.”

7. Make Time

When it comes to setting goals, you still need to make time for them. Regardless of your objective or profession, you have to be consistent with your goal-setting. Even if you have to give up an activity (e.g., watching TV) to focus on your goals, then do so.

Conclusion

Once you set up some of these professional development goals, you can be certain that you’ll always improve, and that you’ve kept track of your accomplishments.
Don’t just wait for your company to offer you on-the-job training. You can start setting your professional development goals today!


About the Author

Vanessa Kearney is a writer and editor at Write my research proposal and Phdkingdom.com. She is also a contributing writer for Research Paper Help. As a professional writer, she is not only passionate about writing on various topics, she also strives to create something unique and exciting for her readers and subscribers.