My dislike of cold calling aside, every now and then I'll go through a stack of old business cards and call a few people. While these aren't 100% cold (I have a business card, so at some point I met the person), they're still pretty frigid. This morning, I set aside a stack of cards of people with whom I'd met in my previous role with a web marketing firm. It's been over four years, so none of these people have a reason to remember me, but at least I can say "you and i met when you were contemplating a new website." In any case, I had the opportunity to speak with the comptroller of a local manufacturing firm. It was a pretty brief call, but that gives me more time to write a blog post about it.
After a quick introduction, I asked how the company was handling their IT needs. I was told that everything was handled internally, and had been for the past twenty years or so. "It's all pretty good", John told me, with something less than 100% conviction. Clearly, John wasn't interested in my pitch, and was looking to get off the phone. Instead of talking managed IT, I asked whether they'd ever been hit by ransomware. "Oh, sure. It's happened a few times. I'm sure it happens to everybody", said John, exuding even less confidence. "So John, aren't you worried about downtime, loss of data, inefficiencies, the cost of the ransom, or the price of the remediation?" Again, "no, we're all good", and the call was over before I could tell him that Ashton can prevent all of that, pretty easily.
There are a few things I see in this role on a regular basis that will never cease to amaze me;
My question here is, why are so many people so disinterested in protecting the investment in their business and/or their livelihood? Protection from ransomware and data loss can be looked at like insurance. People buy insurance for their cars, their residences, their businesses, and their health, without even thinking twice. Some take it the extra step and insure their dogs, their antiques, and their motorcycles... Many now even buy cyber insurance. But that doesn't prevent anything, it just pays for some (hopefully) of their loss in the event of a disaster. But when it comes to insuring that they don't get hit by ransomware, and that they won't lose their data (or access to it), they're willing to take their chances. Instead of preventing disaster, they're willing to deal with the disaster when (not if) it happens.
I'd love your feedback on this. Have you taken the proper precautions to secure your network and data? If so, what steps did you take? If not, what's your reasoning?