Thanksgiving 2018: Grateful for Backups, Vigilant About Everything Else

Three years ago, we published a Thanksgiving post about a ransomware attack that turned into a half-day inconvenience because the practice had good backups. That post exemplifies everything we're grateful for in cybersecurity and everything we're frustrated about.

What We're Grateful For

Backups

A well-maintained backup is the ultimate security measure against ransomware, hardware failure, and accidental deletion. A backup transforms catastrophe into recovery. We're grateful for every practice that tests its backups regularly and keeps them current.

Awareness

Three years ago, asking a practice owner about cybersecurity felt like asking them about underwater basket weaving. Today, it's a standard conversation. WannaCry, NotPetya, and Equifax made it impossible to ignore. People are paying attention.

Progress

Two-factor authentication adoption is up. GDPR passed. Privacy regulation is coming to the US. Security awareness training is becoming standard. We've made real progress.

What We're Vigilant About

Complacency

Awareness is up, but action is inconsistent. Many practices now understand the threats intellectually but still haven't implemented basic defenses. Understanding is not the same as action.

Change Fatigue

We ask practices to implement password managers, enable 2FA, patch regularly, maintain backups, and conduct security training. It's a lot. Some practices get overwhelmed and do nothing instead of doing something.

Supply Chain Risk

As practices increasingly rely on cloud services, vendors, and integrated systems, the attack surface expands. NotPetya showed that a compromised software update can take down an organization. We need to be more vigilant about vendor security.

Cyber Insurance Gap

Many practices still don't have cyber insurance. The coverage is affordable and critical. Yet adoption remains low.

The Thanksgiving Challenge

This Thanksgiving weekend, do one thing:

  • Test your backups (take 15 minutes)
  • Enable 2FA on one critical account
  • Review your incident response plan (or create one if you don't have one)
  • Check on cyber insurance quotes
  • Schedule a brief security training for your team

Don't try to fix everything. Pick one. Do it well. Then enjoy your Thanksgiving knowing you've made your practice a little safer.

Happy Thanksgiving from all of us. Be grateful, be vigilant, be safe.