Protecting customer data is critical in today’s hyper-connected business landscape, but some business owners aren’t convinced that data security is as big of an issue as it’s often made out to be...until they become a target. Knowing these cybersecurity facts could change their mind:
How can you protect your data and your organization’s livelihood? Start by implementing these business cybersecurity best practices.
Most of the technology needed to conduct business — software, computers, printers, etc. — comes pre-programmed with default passwords. If any piece of equipment or device is connected to your network, it must be secured.
The first rule of thumb is to change any default passwords, as they are often easily deciphered by cyber criminals. The second rule of thumb is to change it to a phrase that will be difficult to guess or hard for phishing software to easily configure. Avoid common phrases or sequences such as “password” or “12345,” and don’t use personal information such as names, user IDs or birthdays.
Once you change your passwords, make sure they remain secure. It’s surprising how many people keep passwords out in the open and written on notes affixed to their computers. There are several recommendations for maintaining strong passwords, including changing your password periodically, so develop a protocol and insist that all employees follow it.
It’s estimated that almost two-thirds of cyber attacks target small businesses. Perhaps that’s because an astonishing 90% of those businesses don’t have any data protection in place for their company and customer information. Often, it’s because of a lack of proper firewalls and antivirus software. Dig deeper, however, and the root cause of being ill-prepared is the fact that there’s simply a lack of knowledge about how to configure a network firewall and which is the best antivirus software for their situation. Once the right technology is in place, keeping it updated with the latest security patches and upgrades needs to happen in a timely manner as well.
Enlist the help of qualified IT professionals to make sure this is done properly and, if you don’t have someone with those skills on staff, get help from an outside source that specializes in IT management and security. The investment is worth it.
While every company carries some personally identifiable information (PII), for some businesses the cost of a data breach may be manageable. However, many small to mid-sized companies are used as stepping stones into larger targets because they transact with companies that either carry a lot of protected health information (PHI), PII, or are heavily managed with devices connected to the internet. Many of the massive data breaches you hear about are perpetuated through smaller organizations.
Often times, cyber criminals use small to mid-sized companies as access points to larger targets, and if your company is responsible for a cyber incident at a different organization, you could be on the hook for the incurred losses. When beginning a new business relationship, it is vital to understand how this new relationship may affect your cyber risk profile.
Even if you have the latest and greatest antivirus protections in place, you’re still missing the most important measure you can take to secure your data: educating your employees. The main cause of data breaches in the U.S. is employee negligence or mishandling of information. This vulnerability extends beyond falling for phishing email scams and includes disregarding security procedures and protocols, such as leaving computers unlocked at the end of the day, using unauthorized applications or losing devices or documents.
Be vigilant about educating employees on how to identify phishing scams and review policies periodically to remind them about the importance of maintaining cybersecurity protocols. Be sure to have a procedure in place to retrieve any devices and data from employees who leave your company, especially if they’re going to a competitor.
What if all those preventative measures are in place and you still experience a data breach or malware attack? The faster you can restore that data and get back up and running, the fewer the potential implications. To do this requires a good backup system that is updated frequently. Today, many cloud-based backup systems update upon the hour or in real-time to continually capture data. If a disruption occurs, systems can be restored quickly with minimal downtime.
However, a surprising number of companies still rely on legacy systems and “backup tapes,” often doing backups only once a day or even weekly. Considering the pace of business and the amount of data that is generated in a single day, this can lead to extensive losses. What’s worse is that many businesses never test whether their backup systems actually work, and more than one in five companies that experienced a data loss said their backup systems didn’t operate properly when called into action. You can significantly reduce the risk of data loss and cybercriminals holding your data hostage by ensuring you have a well-functioning backup system in place.
Unfortunately, there’s no 100% guaranteed way to avoid the risks of a potential data breach. Even when you have a good backup system in place to restore your data, it may takes weeks or even months to restore all of your files, depending on the amount of files or complexity of the system. That’s why, in addition to a backup system, you need a backup plan.
Make sure you have cyber insurance coverage in place to mitigate the risks of lawsuits and other financial implications. However, just like there are good and bad backup systems, there are good and bad insurance policies. Many data breach coverages may protect your company from direct losses but are ineffective and will fail to protect you from third-party liability claims, which is far more likely for companies that have very few records themselves, but are used as a gateway into larger, juicer targets.
When considering cyber insurance, work with an experienced risk advisor who is familiar with the many nuances of your business in order to best protect against the most likely threats unique to your situation. Most cyber insurance is relatively affordable, so investing in robust coverage shouldn’t break the bank. If you have other questions regarding data protection, cyber security or cyber insurance, reach out to our team today to discuss your concerns and to help form a strategy for securing your data.