No Need to Outrun the Bear

I was skiing in the woods last weekend and noticed some interesting paw prints in the snow. This always brings to mind the wisecrack about not having to outrun the bear. You just need to outrun your slowest companion.

There's a topical analogy in business technology.

My last newsletter provided a 5-minute litmus test for you to determine whether your information security strategy needs more attention. Whether or not you concluded that you need to dig deeper, I have a few quick wins for you.

No security strategy completely guarantees against intrusion, but there are ways to reduce risk significantly, quickly and at low cost.

Over recent years, the hacker industry has focused more and more on the easy pickings: small, medium or large businesses whose security is lax and easily penetrated, and which can be monetized by techniques like ransomware.

The unfortunate fact is that many businesses pay less attention to security than they should, and security standards are low. This is your opportunity. With a few basic measures, you can reduce your risk by 10x. No kidding. Depending on your response to my litmus test, you may need to go further, but 10x is enough for you to be much better than the average. To outrun the majority of your peers.

So try my second 5-minute test to get started on your path to escaping the bear.

Six Quick Steps

Answer these questions YES or NO:

  1. Could your staff be responding to suspicious emails inviting them to visit sites, download software or transfer funds? (80% of breaches start like this, the vast majority through innocent error.)
  2. Do any of your non-IT staff have the ability to install software on their own (or colleagues') computers?
  3. Does it take more than a week to install newly released security patches on all your staff's computers?
  4. Do any of your suppliers' or business partners' systems interface with your systems?
  5. Last time you had a breach, did it take more than a day before you knew about it?
  6. If you had a breach next week, would your team need to spend time determining a response? Could this include having to notify customers and third parties?

If you answered YES to any of these questions, contact me at to discuss some quick fixes.

And in case you missed it, here is my litmus test for the significance of security to your business.