“Risk acceptance is a form of risk ignorance.”
Trava’s director of cyber risk services tells it straight in a recent interview with Jon McLachlan, host of the Security Podcast of SiliconValley. In Part 1 of this blog series, we highlighted excerpts from the podcast where Mike introduced the role of a vCISO and the importance of cyber insurance. We continue with a few more important lessons from the field about cyber risk management.
Jon: What’s one question that small business leaders should be asking themselves right now?
Mike: Threats are pervasive. They are everywhere. The biggest responsibility business leaders have is to protect their data—and their customers’ data. And the most important question they can ask is, “What can our business do today without access to our secure data and our systems?” The answer is likely, not much. It’s critical that your data is secure, that it is available, and that it is only accessed by people who need it and who have the appropriate permissions.
Jon: What do you consider a good day as a vCISO?
Mike: When one of our clients achieves a certification like the SOC2 or ISO 20017 it’s a big accomplishment. As notable as getting the certification is the work that goes into the process. It also validates the cybersecurity and compliance efforts of the company which in turn gives current and potential customers the confidence todo business with them. In other words, we help small businesses open up their top end growth.
Jon: Do you have bad days as a vCISO?
Mike: Look, cyber events like ransomware are happening all the time at alarming rates. They are impacting society and the economy at large. We live in an interconnected world. Take supply chains, for example. If a cyber event occurs, you may not realize the full breadth of that breach for months.
When something bad happens, it’s unfortunate. If it was preventable, that’s even more unfortunate. It’s a bad day when the realization happens to business leaders that those cyber risks could have been mitigated.
Jon: What’s one piece of advice you’d like to leave our audience with?
Mike: As a security professional, focus on protecting the data. That’s the job. Use it correctly. Back it up. Make sure it’s secure.You don’t want to get beat on the blocking and tackling! In other words, lay the groundwork and cover the basics.
For an easy reference to the top 10 things you can do to protect your data, download our infographic.
Listen to the complete interview on The Security Podcast of Silicon Valley or your favorite streaming platform.