An Ounce of Prevention?

My absolute, without a doubt, least favorite part of my role as sales and marketing manager for Ashton Technology Solutions is the cold calling.  Fortunately, our other sales guy Pete is old school and seems to love it.  He comes in every morning and makes 20-30 phone calls, then spends the afternoon looking for new people to call.  Personally, I try to be a little more surgical as to who I’m calling, and from our conversations with our Taylor Business Group peers (TBG is a managed services providers best practices consortium), both styles of sales are extremely important.

My dislike of cold calling aside, every now and then I’ll go through a stack of old business cards and call a few people. While these aren’t 100% cold (I have a business card, so at some point I met the person), they’re still pretty frigid. This morning, I set aside a stack of cards of people with whom I’d met in my previous role with a web marketing firm.  It’s been over four years, so none of these people have a reason to remember me, but at least I can say “you and i met when you were contemplating a new website.”  In any case, I had the opportunity to speak with the comptroller of a local manufacturing firm. It was a pretty brief call, but that gives me more time to write a blog post about it.

After a quick introduction, I asked how the company was handling their IT needs.  I was told that everything was handled internally, and had been for the past twenty years or so.  “It’s all pretty good”, John told me, with something less than 100% conviction.  Clearly, John wasn’t interested in my pitch, and was looking to get off the phone.  Instead of talking managed IT, I asked whether they’d ever been hit by ransomware. “Oh, sure.  It’s happened a few times. I’m sure it happens to everybody”, said John, exuding even less confidence. “So John, aren’t you worried about downtime, loss of data, inefficiencies, the cost of the ransom, or the price of the remediation?”  Again, “no, we’re all good”, and the call was over before I could tell him that Ashton can prevent all of that, pretty easily.

There are a few things I see in this role on a regular basis that will never cease to amaze me;

• People trust just about anybody- look at how often they fall for scams, leading them to wire thousands upon thousands of dollars to random cyber criminals, or go out and buy $2,000 worth of iTunes gift cards for their ‘boss’ to send to clients.
• They believe “It’ll never happen to me”;  their reasoning is that their business is too small (which actually makes them a better target)
• Or, like John, they’re resigned to the fact that “It’s bound to happen to me- that’s the price of doing business. I’m not going to concern myself with it.”

My question here is, why are so many people so disinterested in protecting the investment in their business and/or their livelihood?  Protection from ransomware and data loss can be looked at like insurance.  People buy insurance for their cars, their residences, their businesses, and their health, without even thinking twice.  Some take it the extra step and insure their dogs, their antiques, and their motorcycles… Many now even buy cyber insurance.  But that doesn’t prevent anything, it just pays for some (hopefully) of their loss in the event of a disaster.  But when it comes to insuring that they don’t get hit by ransomware, and that they won’t lose their data (or access to it), they’re willing to take their chances. Instead of preventing disaster, they’re willing to deal with the disaster when (not if) it happens.

I’d love your feedback on this. Have you taken the proper precautions to secure your network and data?  If so, what steps did you take?  If not, what’s your reasoning?