The Questions I Keep Hearing
Over the past few weeks, I’ve had the opportunity to speak to several groups, typically on the same core topics you see in these posts: digital forensics, where data resides, and what to do if you suspect a departing employee took your data.
And there’s one question (or some version of it) that keeps popping up:
- Is what you do part of the “cyber threat” problem?
- What’s the best software to protect us from cyber issues? Will it also stop people from stealing our information?
Usually, these are asked right at the start of a talk, before I’ve had a chance to dive into how cyber, data theft, and forensics intersect. But they say a lot about how most people, including business owners and attorneys, perceive the mix of security, theft, computers, and “cyber.”
“Cyber” Has Become a Buzzword (and a Bit of a Boogeyman)
It’s no wonder. We’re bombarded daily by headlines about cyber attacks, hackers, and data breaches. And from my conversations, it’s clear most people aren’t sure what to do with that information, other than be understandably worried.
Now, to be clear: I don’t market myself as a “cybersecurity expert.” I’m an investigator. That said, the two are absolutely related. When there’s a breach, it’s often because data was stolen, and I’m frequently called in to help figure out exactly how and who did it.
Because I work with companies both before and after they’ve experienced data theft (and often by insiders who already had access), I’ve developed some perspective. I see the methods data gets exfiltrated, which means I can also help clients shore things up to minimize the chance it leaves in the first place.
Strip Away the “Cyber” It’s Just Data Theft
When I’m speaking to groups, one of the first things I suggest is stripping away the intimidating “cyber” label.
Why? Because when people hear “cyber,” they think it’s all complex IT stuff, way beyond their reach. (In fact, in one conversation, someone even joked it sounded like a new drug: “From the makers of Viagra… comes Cyber!”)
The real danger of that mindset is people conclude, “There’s not much I can do about that.” That couldn’t be further from the truth.
Yes, there are outstanding cybersecurity professionals out there but there are just as many who aren’t. “Cybersecurity” has become something of a new gold rush, with plenty of folks more eager to bewilder clients (intentionally or not) than to give them real clarity.
The Biggest Threat Is Usually the Easiest to Understand
I always tell people: if your computer is connected to the internet, then sure, the threat is technically “cyber.” But it’s much simpler (and more practical) to think of it as data theft.
When you do that, the main threat becomes a lot easier to grasp and to tackle. Because more often than not, it’s not faceless hackers across the world. It’s insiders who already have access to your data.
And that means the most effective way to protect your company’s information starts with:
- Minimizing access. Only give employees access to the data they genuinely need.
- Having clear data protection agreements. Make sure employees understand they don’t own the data you paid them to work on it. It’s your intellectual property.
- Prohibiting them from bringing in data from a previous employer. If you’re hiring someone from a competitor, the last thing you want is to be accused of misappropriating that competitor’s trade secrets because your new hire brought something they shouldn’t have.
“Cyber” Still Matters But It’s Not Some Separate Animal
Of course, if your systems are connected to the internet (and whose aren’t?), then yes, you have concerns that fall under the “cyber” category. But in truth, it’s not all that different from your other data concerns.
Whether it’s your company’s trade secrets on a shared server or the digital family photos stored on your home computer, losing them or having someone misuse them is painful.
People often ask me what the best software is to keep them protected. Antivirus? Anti-malware? The reality is there will likely never be a piece of software that can keep you completely safe.
So the better question is: What can you do (or avoid doing) to best protect your data?
That’s where smart usage and proper training come in. In fact, I believe teaching people to recognize threats and use their devices responsibly is far more valuable than any software alone. (We’ll dive deeper into that training in future posts.)
The Takeaway
So next time you hear the word “cyber,” don’t let it scare you into thinking you’re powerless. At its core, it’s about data theft and often, it’s the insider with legitimate access who poses the biggest risk.
Focus on restricting access, having strong agreements, and fostering a culture of data awareness. That’s the best defense, no matter what buzzword the threat is given.