As the number of cyber attacks and data breaches grows, it’s becoming more and more apparent that companies and organizations must take appropriate measures to protect themselves from this threat. It’s no longer a question of if, but when a hacker could strike, and failing to have responsive counter procedures is no longer an option.
1. Understand Your Risks
Cyber security preparedness starts with knowing what internal and external liabilities can impact your business. You’ll need to understand how hackers can gain access to your information, what their motivating factors are, and where your system’s weak points lie. Educate yourself on the various types of fraud schemes and threats that exist – phishing, pharming, malware, social engineering, system hacking, cyber extortion, and everything in between.
2. Make Security a Part of Your Culture
Employees are the first line of defense against cyber-attacks, so be sure to equip them with knowledge and effective practices that will help keep your business secure. The first step is to create a formal internet policy – note the types of emails that are okay to open, the email attachments that are okay to download, and the software that can and can’t be used on devices. Work with IT to draft guidelines that fit your company, and have them actively remind employees of cyber security best practices through email.
There are various other safe practices employees can incorporate into their daily routines that help increase your company’s protection against cyber threats. These include:
- Strong Complex Passwords – Create passwords that have 8-12 characters and use a combination of upper and lower-case letters, numbers, and symbols. Never use any personal data or a sequence of numbers. Require passwords to be updated every 90 days; sooner if you work with highly sensitive information.
- Clean Desk Environment – Protect personal and confidential information by decreasing exposure. This policy works with basic privacy principles, and also helps reduce the risk of information theft, fraud, and security breaches.
3. Secure Laptops & Mobile Phones
Due to their portability, laptops and mobile phones are more susceptible to theft than desktops, so extra steps are required to protect sensitive data. The first step is to make sure both are properly encrypted. Encryption software changes how information looks on the hard drive, so to a person who doesn’t have the correct password, the data is unreadable. For mobile devices, enable a “lock-out” period, so that if your phone is not in use for 2-3 minutes, it automatically locks itself. Additionally, enable remote wiping on your mobile device. This will allow your IT team to wipe your device clean of data in the event your phone is lost or stolen. Lastly, it is recommended to always take these items with you, but if you must leave them behind, do not leave them in plain sight inside your car. Lock them in your trunk, out of view of potential thieves.
4. Update Software Regularly
We all get notifications to update our software, and they usually seem to come at inconvenient times, right? You’re in the middle of doing something important, so you just click the “install later” button and carry on with what you were doing. However, these updates are critical not only to keeping your programs running smoothly and efficiently; oftentimes they also come with security patches that close the security holes that leave you vulnerable. Hackers exploit these holes by building malware that can attack your computer when you visit a website, open an infected message, or play infected media. Once your computer is infected, the malware can steal data, take control of your computer, or make your software act in malicious ways. Best way to prevent this? Click the “Install Now” button when your software advises you that updates are available.
5. Make Backups a Part of Your Routine
Ensure your data is safely stored by performing regular backups, either to an external hard drive or to the cloud. A general guideline is to back up your servers in full on a weekly basis, with incremental backups on a nightly basis. The same goes for all personal computers. Incremental backups can be limited to every 2-3 days for some businesses’ PCs, but if you’re dealing with a lot of incoming data, daily may still be best. Regular backups can help protect you if your data ever becomes compromised, and leave you less susceptible to ransomware.
6. Diligently Monitor Online Activity
Strengthen the previously mentioned efforts by setting up a monitoring tool with data leakage prevention software. The software is placed at key network touchpoints and monitors specific information coming out of your system, such as credit card numbers, pieces of code, or any other information whose exposure you would consider a breach. Without proper monitoring, your efforts and resources are wasted. Worse yet, you won’t know you’ve been compromised until it’s too late.
When starting a business, everyone knows it’s important to protect yourself with proper business insurance and workers’ compensation coverage. With more and more small businesses operating online, it’s important to consider covering yourself with adequate cyber liability coverage as well. This coverage will protect your company from incurring potentially significant costs down the road. This type of insurance helps you deal with the fallout after your data has been compromised, and the insurer takes you step-by-step through the process of repairing the damage done. This typically includes working with forensic IT specialists, who determine how your system was breached and offer suggestions to resolve it, and a PR specialist, who will help you notify potentially impacted employees, customers, and vendors of the breach, the steps you are taking to protect them, and the steps they should take as well. Additionally, the coverage can help with cyber extortion costs. Plans vary, but $1 million policies are typical for small businesses. Talk to a specialist who can help you identify what coverage will work best for you and your organization.