What if you discovered that all of the hard work, investments and time you’ve put into growing your firm or business is at risk due to a failure of your outsourced IT company, or possibly even your well-meaning (but overburdened) IT department? If you were exposed to that level of risk, wouldn’t you want someone to tell you about it?

This article is that wake-up call.

Over the last several years, the risks associated with cyber security attacks have grown in magnitude. They are no longer a low-probability hazard that will result in a minor inconvenience. Businesses of all sizes and types are getting hacked and losing hundreds of thousands of dollars, or even multiple millions, in addition to suffering significant reputational damage and loss of client or customer goodwill.

For some, it’s a business-ending event. For nearly everyone else, it’s a significant financial disaster that can negatively impact profits and revenue for years.

Yet too many Managing Partners, Managing Directors, CEOs and small business owners are still abdicating critical decisions regarding risk tolerance and compliance policies to their IT company or IT department when these decisions no longer belong there.

For example, let’s suppose you have an employee who refuses to comply with strict data security and password policies and continually fails cyber security awareness training, putting your firm or company at risk for a cyber-attack and compliance violation.

Should your IT manager or IT company fire this employee? Reprimand them? Is it even the IT department’s job to manage employee behaviour with company data and devices?

If you say yes, the question is, when was the last time you met with them to specifically address this issue and direct them on how to monitor and manage it? Likely never – or once, a very long time ago.

Therein lies the problem. Most Managing Partners, Managing Directors, or CEOs would agree that it’s not up to the IT department to make that call, yet many of these same CEOs leave it entirely up to the IT department (or outsourced IT company) to handle the situation and make decisions about what is allowed, what isn’t, how much risk they want to take, etc.

Worse yet, many Managing Partners, Managing Directors, or CEOs aren’t even aware that they SHOULD have such policies in place to ensure their firm or company isn’t compromised or at risk – and it’s not necessarily the IT person’s job to determine what should or shouldn’t be allowed. That’s your job as the CEO.

What about when it comes time to upgrade or purchase new equipment? There can be a temptation to delay a decision due to budgetary pressures or not move forward at all, yet this could be the very thing that leads to a cyber attack occurring in the first place.

Often, we see IT departments forced to go with something cheaper because they have not been assigned enough budget, when in reality this leads to a higher total cost of ownership, and both you and they end up shooting yourselves in the foot.

This is not an area where you can afford to go cheap, and this ties into the next example.

In another example, many firms and companies have invested in cyber liability, ransomware or crime insurance policies to provide financial relief in the event of a cyber-attack and cover the exorbitant legal, IT and related costs that result when such an event occurs. Yet our experience shows that most insurance agents and brokers do not understand the IT requirements needed to secure a policy and cannot convey them to the CEOs they are selling a policy to.

Therefore, they never advise their client to meet with their IT provider or internal IT to ENSURE the right protocols are in place, or risk having coverage denied for failure to comply with the requirements in the policy they just sold them.

When a cyber event occurs and the claim gets denied, whose fault is it? The insurance agent or broker for not warning you? Your IT department or company for not putting in place protocols they weren’t even briefed on? Ultimately, it’s on you, which is why you as the Managing Partner, Managing Director or CEO must make sure that decisions impacting the risk to your organisation are informed ones, not decisions made by default.

Of course, a great IT company will bring these issues to your attention and offer guidance, but most are just keeping the “lights” on and the systems up, NOT consulting their clients on business risk and legal compliance.

If you want to make sure your organisation is actually prepared for and protected from the aftermath of a cyber-attack, not to mention a significant financial loss that could be in the hundreds of thousands to millions of dollars, then I urge you to act at once and book a complimentary strategy session with our team, so we can help you avoid that. Click or tap here or call us on 08 6244 2556. It’s free of charge and may be extremely eye-opening for you.

My Info Tech Partner is a trusted IT Services and IT Support provider in Perth that specialises in helping the equity principals, partners, directors, and practice managers of legal, accounting and financial services firms avoid making big, expensive mistakes with technology and, ultimately, protect their income.

Naturally, we are the only ones who offer you enhanced peace of mind with our “Never Pay The Ransom” $10,000 Money Back Guarantee.