GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

By Eric Sugar

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour.


Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them. This problem, called ransomware, explains why keeping backups is so important. Hijackers’ demands lose power when you can just recover your operations from backups.

Cyberattacks can also lead to a loss of productivity. When your team can’t do their work because the systems they need are inaccessible or unavailable, everything gets delayed and projects fall behind.

Finally, don’t forget the bad press that results for businesses when they are hacked. This isn’t the kind of exposure you want for your brand.


If your organization is privy to confidential data, then you’re in charge of protecting it, and the law will hold you accountable for doing so.

The penalties for failing to protect this data can be steep. Depending on the type of information businesses lost and how they tried to protect it, they can be fined up to five percent of their revenue.


If the hacked businesses can show they’ve been trying to protect data by investing in security, then fines become less likely. Keep remediation costs in mind. If your organization has wrongfully released information, then you may have to pay for credit protection for people whose private information was compromised.

Best practices

Just two easy technology fixes can help protect against a lot of cyberattacks: multi-factor authentication and deep e-mail scanning, in which incoming emails are automatically screened for phishing and other problems. Toward that end, products like Microsoft Defender for Office can help.

After that, businesses and organizations should monitor and manage how employees can access sensitive data. Limit availability as much as possible, ensuring people can only see it on a need-to-know basis.

This information should also only be accessible from trusted areas or from areas that relevant staff should be in. Set up rules so that employees can only use this information from whatever country you’re doing business in. When staff members travel, keep in mind the minimum travel time. If someone asks for information in Toronto and then again in Texas only an hour later, a security alert should go off, and their access should be blocked. It’s not possible to fly across North America that fast.
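The country rule and the minimum-travel-time rule described above can be combined into one check over sign-in events. The following is an added example, not code from the essay or from any product it names; the event fields, allowed-country set, speed ceiling, jitter threshold and sample events are all assumptions constructed for illustration.

```python
import math
from datetime import datetime, timezone

ALLOWED_COUNTRIES = {"CA", "US"}  # assumption: where the business operates
MAX_SPEED_KMH = 900.0             # assumption: about airliner cruising speed
MIN_DISTANCE_KM = 100.0           # assumption: ignore geolocation jitter

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(events):
    """Return {(user, time): (decision, reason)} for sign-in events."""
    last_allowed, results = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        decision, reason = "allow", "ok"
        prev = last_allowed.get(ev["user"])
        if ev["country"] not in ALLOWED_COUNTRIES:
            decision, reason = "block", "country outside allowed set"
        elif prev is not None:
            km = distance_km(prev["geo"], ev["geo"])
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            if km > MIN_DISTANCE_KM and hours < km / MAX_SPEED_KMH:
                decision = "block"
                reason = f"{km:.0f} km in {hours:.1f} h is faster than travel allows"
        if decision == "allow":
            last_allowed[ev["user"]] = ev  # blocked events never move the baseline
        results[(ev["user"], ev["time"])] = (decision, reason)
    return results

def at(hour, minute=0):
    return datetime(2024, 1, 15, hour, minute, tzinfo=timezone.utc)

TORONTO, DALLAS, BUCHAREST = (43.65, -79.38), (32.78, -96.80), (44.43, 26.10)
# Constructed sample events, not real logs.
SAMPLE = [
    {"user": "alice", "time": at(9), "country": "CA", "geo": TORONTO},
    {"user": "alice", "time": at(10), "country": "US", "geo": DALLAS},
    {"user": "alice", "time": at(10, 30), "country": "CA", "geo": TORONTO},
    {"user": "bob", "time": at(9), "country": "CA", "geo": TORONTO},
    {"user": "bob", "time": at(14), "country": "US", "geo": DALLAS},
    {"user": "carol", "time": at(9, 30), "country": "RO", "geo": BUCHAREST},
]

if __name__ == "__main__":
    for (user, when), (decision, reason) in evaluate(SAMPLE).items():
        print(f"{when:%H:%M} {user:6} {decision:5} {reason}")
```

Because a blocked sign-in never becomes the user's baseline location, the legitimate user in Toronto is not locked out by the rejected Texas attempt.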

As a general rule, all organizations should have a security operations center as well as a security incident management tool that’s either run internally 24 hours a day, seven days a week, or outsourced to a partner who provides managed-security services. If your business hasn’t been investing a lot in cybersecurity, then the top practice you should implement is tying a monitoring or detection service to a managed-security services provider.

Security awareness training

Finally, employees are arguably the most important piece, so everyone at your organization should be thoroughly trained on best practices to protect data on an ongoing basis.

In particular, workers need to judge accurately whether or not to click on something, understanding that they shouldn’t trust every message that comes to them. If they have a hunch something isn’t right, they should pick up the phone to verify things or else go talk to the IT team.

Businesses and organizations should always assume someone’s trying to breach them. Smart business leaders choose to be proactive and manage the risks by staying current with cybersecurity solutions. Quite simply, investing in cybersecurity is a standard cost of doing business today.

About the essayist: Eric Sugar is president of ProServeIT, an Ontario, Canada-based vendor that supplies managed IT services, custom software development, and technology consulting services to companies of all sizes in all industries.
