resilience cybersecurity data privacy cyber security

What if I told you that there was one thing you could do right now that would dramatically improve your cybersecurity and reduce your risk of being the victim of a cyber attack? What if I told you that doing that one thing would also help you recover from a data breach or identity theft much more quickly?

What if I told you that one thing wouldn’t cost you a penny?


Threats to our personal information, our families, and our businesses from cyber attacks seem to be everywhere these days. Anyone who doesn’t believe they are a target of cybercriminals or other cyber threats isn’t paying attention.

Think your business is too small to be a target?

In 2018, 58% of reported cyber attacks targeted small business.

Think you don’t have anything that cybercriminals might want?

Your login credentials for any account you’ve created sell for up to $15 each on the dark web.

Think it’s meaningless that hackers only have information from a couple random accounts?

You’d be amazed what advertisers can do by combining information about you from different combinations of data that you’ve allowed to be given away. Just imagine what a hacker could do when they have access to combinations you would never allow to be given away.

The first step in handling any problem is to admit that you have one. Recognizing the existence of a threat, particularly this kind of threat – the kind that our brain hasn’t evolved to deal with directly, is critical.

But you’re here, so my guess is you’ve at least acknowledged that a threat exists. So what have you done about it up to this point?


While acknowledging the existence of the problem is important, stopping there can have catastrophic consequences.

Whether it’s the result of lacking faith that any cybersecurity measures will protect you:

In one survey, more than 65% of very small businesses reported being the victim of a cyber attack in the previous year. However, less than half of businesses in the same survey reported that they intended to spend more than $500 on cybersecurity in the coming year.

… or the result of outsourcing your security and then pretending it doesn’t exist:

In a survey of small business IT Professionals, 44% reported their companies had been the victim of a cyber attack in the previous year, and 65% had been a victim in the prior two years. However, in a related study, small business ownersonly 14% indicated that their business had ever experienced a data breach.

“Many business leaders are not educated about their networks. They assume that if they have a firewall, then they have a padlock on the door and no one can get in. They also assume that if their security has been outsourced to a managed service provider (MSP), log monitoring is happening, or the service includes intrusion detection.”

Chad Paalman, CEO of NuWave Technology Partners

… or the result of half-measures that give the illusion of cybersecurity but fail to make you more secure:

Even when small businesses make the basic investment to be able to detect a cyber attackmore than half don’t have the systems in place to conduct an investigation of the attack. Including what parts of their own systems had potentially been accessed and compromised.

Don’t mistake movement for action.

While admitting that a problem exists may be step 1, step 2 must be acceptance of the fact that you have the power to do something about it. By taking action, you can reduce your own risk of a cyber attack. By being prepared, you can reduce the impact of a cyber attack if one occurs.


So yes, being aware of the risk and believing you have the power to reduce your own risk are important, but I promised to tell you one thing you could do today to reduce your risk of cyber attack and improve your ability to respond to a data breach or identity theft, didn’t I?

Ok, here it is:


Seem trivial?

It’s not.

Having consulted on cybersecurity over the past few years, it struck me that there is no shortage of questions about cybersecurity – about how we can keep ourselves, our families, our businesses safe from cyber attacks.

The more people I speak to, the clearer the situation becomes: there are a lot of people with questions, and there is a lot of information out there. But there are very few answers.

The result: a system wherein those who make the decisions are uninformed or ill-informed as to the best solutions available for their particular situation.

When you have serious, fundamental questions, but despite a deluge of information, there are very few actual answers, it’s easy to be overwhelmed. To give in to the impulse to outsource. To tune it all out. To throw up your arms in frustration and give up.



It doesn’t matter whether you’re trying to protect your personal information, help your company shore up their defenses, or smack in the middle of the chaos of a cyber attack response, you simply can’t give up.

Handing over your company’s cybersecurity to a third-party vendor and assuming “it’s been handled.”

That’s giving up.

Refusing to spend more on your company’s cybersecurity systems than your personal Amazon Prime membership.

That’s giving up. 

Purchasing cybersecurity systems to monitor for an attack, but refusing to invest in systems to track and investigate an intrusion that’s been detected.

That’s giving up.

If your goal really is keeping your personal and business data as secure as possible, to limit the opportunities cybercriminals have to access your systems, to ensure that you recover from a data breach or identity theft quickly and with as little harm as possible, you have to resist the temptation to give up.

A refusal to give up, even in difficult circumstances, is the essence of Resilience. Regardless of what you get, you come back strong, and you don’t’ give up.

My goal is to give you the tools, and more importantly the answers, to justify your refusal to give up. To make you resilient.

About the Author

cyber incident responseBrian Focht is a cybersecurity and civil litigation attorney based in Charlotte, North Carolina at the Law Offices of Brian C. Focht. In addition to being the author of Resilience Cybersecurity & Data Privacy, he is also the author of the The Cyber Advocate, a blog on tools and technology for lawyers, the producer and host of the Legal Technology Review podcast, and co-founder of B&R Concepts, a small business technology consulting company.


Pin It on Pinterest

Share This