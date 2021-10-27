Expert: How to minimize business risk of cyberattack

Cyberattacks have become so rampant, they threaten businesses of every size, but there are ways for business owners to lower the risk, as cybersecurity experts shared at a conference Tuesday.

The first step is to determine the risk of a cyberattack, or the worst-case scenario for the company, said Richard Clarke, a cybersecurity expert and former U.S. chief counterterrorism adviser for former presidents George H.W. Bush, Bill Clinton and George W. Bush.

Richard Clarke served in a variety of senior positions in the White House (special assistant to the president), Pentagon and State Department (assistant secretary) for over 30 years.

“What are you trying to stop at all costs?” Clarke said at the Business Journal’s virtual Cybersecurity Conference.

There could be multiple things that need protecting, he explained. Among them are money, intellectual property and customers’ personal identification information. For some businesses, it could be a safety issue.

A cyberattack also can cause a business to lose time and customers, along with its reputation, he said.

Clarke advised business leaders to create a cyber-risk register, listing and prioritizing the most important items for the business — and to not expect solutions to be figured out in a week or a month.

“Develop maybe a two-year roadmap of how you're going to reduce those risks,” Clarke said. “You’re never going to eliminate them. This is about risk management, not risk elimination, and it’s about doing it at a price you can afford.”

Clarke, who consults with large businesses about cybersecurity, said the same principles apply to small- and medium-sized businesses.

He shared about a dozen tips to help businesses mitigate the risk of falling victim to a cyberattack, with assessing cyber risk as No. 1. In addition, if a security fix or update is needed, patch it right away.

Clarke also advised business leaders to outsource their cyber needs to the experts, encrypt everything, use a multifactor authentication system, back up and segment the company’s data and network, and create a firewall to limit the network.

Businesses also would be wise to buy cybersecurity liability insurance, Clarke said.

“If you are hit by ransomware, or any other possible kind of cybersecurity problem, they'll pay, not only to get your network back up, but they’ll pay your legal expenses, PR expenses. And if you get ransomed, they’ll pay the ransom,” he said.

Clarke also advised businesses to get intelligence by joining an FBI-sponsored group or through the Homeland Security website — at no cost.

Finally, he urged businesses to hire a consultant to do drills for employees and create a culture of security so everyone in the company understands that cybersecurity is everyone’s responsibility.

Comcast Business was the major sponsor for the Cybersecurity Conference, and Exchange Bank was the underwriter.