Don’t Be The Next Data Breach Scapegoat

As AV integrators adopt a managed services model, they should train staff on cybersecurity, hire dedicated IT staff and look into cybersecurity insurance.

Leave a Comment

Remember that Target breach in late 2013 that exposed the credit and debit card information of 40 million customers? Officials were actually able to track down the source of that data breach, and it was hardly the retailer’s fault.

Hackers gained entry to Target’s system by stealing the credentials of an HVAC vendor that had remote access to the system that wasn’t cordoned off from the retailer’s payment system.

Pro AV integrators no longer just install devices and systems. Most of them now offer a full suite of services, including remote monitoring that requires them to be tapped into customer networks.

How would you feel if your company were responsible for data beach of that size? What would that do to your reputation?

According to NSCA webinar “Cybersecurity: Hear it from your peers!”, cyber threats are the no. 1 concern among U.S. CEOs.

Your clients want you to be secure

According to Brandon Conick, chief information officer at Conference Technologies Inc., customers are increasingly building in cybersecurity requirements into RFPs, especially for larger customers offering big projects.

“You have to have a good plan for it or else its not worth the risk for them to do business with you,” he said.

Christina DeBono, president of ClearTech, said her firm’s clients – many of which are Fortune 100 or 500 companies – require bidders to pass rigorous certifications that stipulate contractors have full-fledged cybersecurity programs in place.

“I feel that that cybersecurity improvement is absolutely critical for our industry,” she said. “It could jeopardize the very existence of our companies if we don’t take it seriously and implement rigorous programs to improve our cybersecurity.”

It might look obvious, but some employees won’t recognize an attack

No, your boss doesn’t want you to buy $1,000 worth of gift cards and take pictures of them to send. When someone emails you from outside the organization, take at good, hard look at it before clicking on any links of opening attachments.

According to Conick, his company routinely field those kinds of emails, but training, awareness and other tools help make that a moot point.

According to Rob Simopoulos, co-founder of cybersecurity firm Defendify and host of the webinar, said project bid specifications – especially for larger, security-intensive projects like airports – are asking for a contractor’s level of cybersecurity training and awareness.

Those requirements also included a third-party cybersecurity assessment and running simulations against your network to identify and shore up your defenses.

Consider hiring a dedicated IT director and buying cybersecurity insurance

If you haven’t already, your integration firm should heavily consider in hiring a dedicated IT director to monitor your company’s network and help protect your customers.

“Without somebody driving it here, we would have signed up for a couple things, but it would have died,” Conick said on his company’s cybersecurity actions.

A good IT director for your business should not only have the technical understanding and IT savvy, but also business knowledge to come up with solutions that fit your business needs.

Read Next: The Best Data Breach Incident Response Plans Require These Steps

Cybersecurity insurance can help protect your company against ransomware and other attacks, but it should be your last line of defense.

Simopoulos equated it to car insurance, which provides some peace of mind in the event of an accident, but drivers should still drive safely.

“It’s getting them to drive safely while using this technology,” he said.