In a recent interview about the Titan sub catastrophe, director of the movie Titanic James Cameron, who has made 33 successful dives to the Titanic wreckage site, pointed out that this tragedy is eerily similar to the 1912 Titanic disaster: the captain of the 1912 RMS Titanic was repeatedly warned about ice ahead of his ship, yet he plowed ahead at full speed into an ice field on a moonless night, resulting in the deaths of over 1,500 innocent souls.
The captain of the sub-Titan and CEO of the company OceanGate, Stockton Rush, was also repeatedly warned about his vessel’s safety, lack of certification for the vessel’s integrity, lack of a tracking device (think airplane black box), their experimental approach to deep dives (even though this is a very mature and well-understood practice) and lack of a backup sub. He also proceeded to plow ahead at full speed, taking people in an extremely unsafe vehicle and also killing innocent people. If there was ever a case for willful negligence, this is it.
When it comes to IT security and compliance for small businesses, this kind of willful negligence is rampant. Sometimes it ends with an abrupt, catastrophic “implosion,” as with the Titan, where a company is destroyed by a ransomware attack, operations shut down, unable to transact, employees and clients are harmed and their reputation is tarnished.
In other cases, the risk is there but hasn’t been addressed because nothing bad has happened – yet. Willful negligence in IT security and regulatory compliance with data privacy and protection comes in three forms.
The first is willful ignorance. Some people running a business are young and inexperienced, too new to the business world to understand the risks they incur by failing to protect their clients and themselves. Often, they are being advised by the wrong people – an IT firm that knows how to make their tech work but lacks the expertise to implement good security protections. You can’t blame them for getting it wrong initially, but at some point, they’ll get smacked with a cyber-attack and learn the error of their ways the hard way.
The second type of willful negligence is willfully stupid (excuse my language)
This group CANNOT claim “ignorance” as their defense. They KNOW they should protect their business and clients’ data from cyber-attacks. They’ve heard the stories, they know the laws, and may have been warned by their IT company or person, but foolishly believe “that can’t happen to us” or choose to assume they’re “fine” because they are using a cloud application that promises compliance (which is correct for THEM, not necessarily for YOU). They trust but don’t verify that their IT person or company is actually doing what they’re supposed to, and often lack cyber liability insurance, choosing to take the risk because they’re cheap or can’t be bothered.
The third type of willful negligence is, in my opinion, the TRUE meaning of willful negligence and the most immoral and unforgivable. Determined negligence. These people stubbornly insist on continuing to operate without proper security protocols in place, without a disaster recovery plan, without any insurance, without assessing and inspecting their environment and refusing to acknowledge ALL facts, history, and evidence to the contrary. They know they are acting irresponsibly but don’t care.
After the tragedy of the sub, multiple experts came forward to point out all the risky behaviors Rush was allowing. The hull had not gone through any cyclical pressure testing or thermal expansion and contraction testing. The hatch could only be opened from the outside and not the inside, which wouldn’t allow them to escape if needed in an emergency – one small fire inside would have been catastrophic. No atmospheric system to monitor interior gases such as oxygen, carbon dioxide, and carbon monoxide. No emergency air-breathing system. The viewing window was only certified to 4,000 feet, not the 12,500 feet of the Titanic wreck. But the most egregious of all was an egotistical assumption by the CEO that he knew better than everyone else around him.
I wonder if he put all of this in the brochure and explained that philosophy to the people in the sub who lost their lives that day.
Everyone makes mistakes. Everyone has a moment in their lives when they trust someone they shouldn’t. Everyone has blind spots; we’re all ignorant and misinformed about something. The question is, do you STAY willfully ignorant or stupid to the point of being determined to hold steady to your course of action to the point where you harm yourself and others as well?
If you do, it’s only a matter of time before you have your own ship sunk, your own personal Titanic-size wreck. Sadly, if you’re the CEO of a company that holds financial data, credit cards, medical records, tax returns, Social Security numbers, birthdays or even the contact details of your clients OR employees, YOUR willful negligence in cyber protection will absolutely harm others.
If you want to make sure you’re not accidentally exposing your clients’ data and violating data protection laws, schedule a quick call with us to discuss your concerns and see if there are ways we can help you avoid exposing your clients’ and employees’ data by accident.
FREE IT Optimization Plan
Are you completely fed up with chronic computer problems and escalating IT costs? Do you worry that your backups and IT security are lacking? Do you have a sneaking suspicion that your current IT guy doesn’t have a handle on things? Our free IT optimization plan will reveal gaps and oversights in your computer network and show you how to eliminate all your IT problems and never pay for unnecessary IT expenses again.
Complete this form below to get started. We will contact you to discuss next steps to getting your free IT Optimization Plan.