By Ted Joffs, Sentinel IT Solutions Team Lead

My entire career so far has been focused on risk; mostly in the technology arena. Regardless of the job role, including a technology engineer, risk manager, solutions architect, IT leader, and my current position as a consulting engineer, one thing has always been clear: risk must be mitigated. Today, risk is commonplace with every organization and thrives in the form of cyber threats. Technology has brought us vast advances in manufacturing, banking, medicine, and retail, but with it comes a significant increase in our risk footprints, which can lead to a significant loss of finances, data, or reputation.

Before beginning the process of mitigating cyber risks (some call this risk management; which is an incorrect term in my opinion), it’s essential to better understand what they are and their potential impacts. The risks themselves are varied but tend to fall into the following categories:

Accidental & Intentional Security Breaches

Security breaches are the exposure of systems or data beyond their intended and authorized access footprints. When looking at accidental security breaches, this can include things like a database backup left unsecured, private data sent to the wrong party, or something as simple as a data center cage left open while the engineer was on a smoke break. These may seem trivial, but when your data is breached or your corporate secrets are exposed, you will be left shouldering the responsibility. Then there are intentional security breaches, like those that wreaked havoc on the NSA, Adobe, and the Veterans Administration. These come in the form of virtual or physical attacks intended to either steal data or disrupt services to an organization or individual. These are the attacks that most organizations try to prevent first and foremost – often at the expense of other attack vectors.

Operational System Failures

Operational system failures are a form of cyber risk that I see frequently as a direct result of poor systems maintenance, lifecycle management, and a general overuse of the phrase, “If it ain’t broke, don’t fix it.” Just because something is working doesn’t mean you can skip replacements, patches, or upgrades on a routine basis. Remember, a five-year lifecycle is about the maximum you should try to squeeze out of IT systems. You should really start to mitigate risks around the three year mark. How long do you think your business can run without access to any of its data because you didn’t replace your SAN before it failed due to drive age?

Downline and Upline Risks

Downline and upline risks are the result of doing business with vendors/suppliers. You might think most of these types of risks fall to the business side of the world, but that’s an inaccurate interpretation. If your phone systems, internet, international circuits, hosted email, CRM, payroll systems or other elements go down, employees are likely to hold you responsible. These are the types of risks that you can’t control completely, but are still responsible for.

---

Next time, I’ll explain how you can mitigate against security breaches from a high level. Sentinel offers a variety of security solutions and services that can help mitigate the risk to your organization. Please contact us if you would like to learn more!

By Nora Gibbons, Sentinel Social Media Specialist

Every year we ask our team to share what they are thankful for leading up to Thanksgiving. Here are some of their responses.

“My big adorable dog”

“My dog Tyson”

“My fur baby”

“Healthy family”

“15 wonderful years at Sentinel”

“Family”

“My trip to Iceland”

“Wonderful team”

“Cubicle neighbors”

“Harley, my rescue puppy”

“SPIFFs”

“My family”

“My family”

“My family”

“Jesus”

“Family and friends”

“Faith and family”

“My health”

“God and my family”

“Welcoming me as your new co-worker. Glad to be here!”

“Real family. Work family. Bourbon.”

“My work family”

“My Sentinel family. My home. My health. God’s blessings.”

“Our amazing team across the country”

“Giving back to the community”