Most recent articles
Why You Need to Prepare for a Cyber Security Breach
When Super Bowl Sunday approached, a cyber security breach during the event was among many of the concerns on security experts’ minds. Millions were expected to tune in when the Super Bowl kicks off in Atlanta, setting a big stage for someone who wanted to wreak havoc.
Panelists at the inaugural Symposium on Cyber Culture, held in January 2019 in Atlanta, addressed these issues by discussing the stakes and how battling a breach needs to be a team effort.
(Photo: Mercedes Benz Stadium in Atlanta, Georgia - home of Super Bowl LIII)
“Everyone has the same risks [of experiencing a cyber security breach]; it’s just the size of the beast. The Super Bowl is a big beast. The unique thing is the number of eyeballs watching,” says Mike Daugherty, founder of the Cyber Education Foundation, which put on the Symposium on Cyber Culture. “[This event] was a good way to bring people together and ask, ‘You’re running the Super Bowl. What do you do?’”
The symposium’s panel included representatives from backgrounds including human resources, legal and consulting. “I was seeing all these [breach] events that just had one type of person in the room,” Daugherty says. “When you have a breach, it’s all hands on deck. I wanted to bring people in with different backgrounds who think differently.”
[Related: 3 Tips to Improve Facility Cybersecurity]
A Cyber Security Legal Battle
The creation of the Cyber Education Foundation was inspired by Daugherty’s firsthand experience. In 2008, his company, LabMD, was hacked by a security consulting firm that wanted him to buy their services. The firm accessed a confidential file on one of LabMD’s workstations that had LimeWire’s file-sharing software downloaded onto it.
Daugherty refused the security consulting firm, which then turned the file over to the Federal Trade Commission (FTC). The FTC has a history of suing companies that experience security breaches (hoping to improve general security practices) and eventually brought those charges against LabMD – forcing it out of business.
Daugherty decided to fight the system, and he entered into a decade-long battle with the federal government. In the summer of 2018, the 11th Circuit Court of Appeals sided with Daugherty, saying that “the FTC’s approach to developing security standards violates basic principles of due process,” according to The Hill.
His win is considered one of the most significant legal victories in cyber security history. With the Cyber Education Foundation, Daugherty aims to bring awareness to stories like his and help medium and small businesses prepare for similar attacks. The foundation plans to bring the Symposium on Cyber Culture event to at least 20 other US cities throughout 2019.
“I hope people left [the Atlanta event] thinking, ‘We have a lot of preparation to do,’” Daugherty says, adding: “Most probably don’t involve the marketing or PR department in breach practice. The main goal is to bring people together and think, ‘We have to have a team.’”
Cyber Security & Facilities Management
When LabMD experienced its cyber security breach, it was located in a Class A office building. Daugherty’s first rule of thumb for facilities managers is to evaluate all of the tenants in your building and how they interact with cyber networks.
[Check out: 5 Must-Know Security Trends]
“The weakest link is the human being,” Daugherty says. “You can tech your building up like crazy, but who’s letting people in the door at 3 a.m.? Who’s watching the locks? As people get phobic and afraid of cyber, the big organizations tend to recede, become silent and look for who to blame.”
To that end, Daugherty recommends you should avoid pointing fingers. Instead, set a good example by praising good habits and give tenants constant reminders on best cyber security practices. Top-level executives should also be encouraged to get involved. “The C suite has got to get out and break bread,” Daugherty says.
Be proactive. Set up practice breaches and involve a wide array of departments – from facilities to IT to PR to legal.
Daugherty adds, “We need a whole lot more education, collaboration and a whole lot less punishment.”
Two handpicked articles to read next: