At one time all you had to do to secure your business was to lock the money in the safe, lock the file cabinets and lock the doors. A physical wall of protection to secure your business was all you needed. Those were the good old days, at least that was what we were told. Times have changed and none of us believe in fairy tales. In today’s integrated world that business model is as obsolete as a physical wall.
To compete in today’s world, a firm needs to be integrated, both allowing access from and gaining access to the entire world. Every firm faces the risk of a data breach. Recent studies show that small firms are the most vulnerable. They showed that small firms were the victims of 43% of the 2015 cyber-attacks.
So how does a small entity avoid being part of the growing threat? They need to build that wall! But this time it is a virtual wall with many layers. And oh by the way, the wall needs to be built with little or no budget.
1. Train your employees--Staff cause almost 50% of data breaches in small and mid-size firms. Most of these breaches come from an innocent mistake made because staff lack basic awareness of data security and of how hackers work. Staff education is the 1st essential wall to keeping a cybercriminal out.
A growing threat for firms is hackers posing as a trusted source in need of confidential data, for example the boss asking for a complete list of all payroll data including birthdates and social security numbers. Through phishing, employees are invited to click on a link, putting holes in your wall by unknowingly installing a virus or ransomware on their computer.
To avoid these traps:
- Confirm the legitimacy of the source before giving out confidential information
- Never open attachments from people you don’t know
- Avoid suspicious links in emails, websites and online ads
2. Secure sensitive information--Cybercriminals covet sensitive data as a valued commodity for profit. It includes personally identifiable information for staff, clients and vendors as well as client business trade secrets, financial data and other firm-confidential information. In the wrong hands, this information can damage your firm’s and your clients’ reputations and open the firm up to sanctions and fines. Build a wall around this data by limiting access to online files based on a need to know. And put a good old-fashioned wall around paper files and removable storage devices containing sensitive information: keep them in a locked drawer, cabinet, safe or other secure container when not in use.
3. Properly dispose of sensitive data--When disposing of sensitive data, shred documents containing confidential information prior to recycling. Remove all data from electronic devices (whether computers, tablets, smartphones or storage hardware) before disposing of them. Dumpster diving is not out of style for criminals, and your right to privacy generally ends at the curb.
4. Use strong password protection--Password-protect your business computers, laptops, smartphones, network access, and accounts. Require employees to change default passwords and set a strong, complex password with a variety of characters that must be changed at least quarterly. Make sure to not use the same password for different applications. Imagine a cybercriminal discovering that the same password is used for accessing all systems and data.
5. Protect against malware--Malware can be installed by unsuspecting staff who connect a malware-laden USB device such as a thumb drive, a smartphone or an unsecured laptop, as well as by clicking on an infected link in an email or on a website. To prevent a malware attack, install and use antivirus and anti-spyware software on all company devices and be sure your employees are on the lookout for suspicious links. If possible, have a policy that no external devices are to be connected to your data systems. This will prevent another possible breach of your wall.
6. Control physical access to your business computers--Create user accounts for all staff needing access and prevent unauthorized users from gaining access to your business computers. Make sure that the outside public does not have physical access to your computers. Laptops can be easily stolen, so make sure they’re password protected. Limit the firm’s data that is stored on a remote device. Install software on remote devices that allows for wiping of all data on the hard drive if stolen. Limit network access on computers located in or around public spaces, such as the reception area. All your protection walls do you no good if the data can be accessed outside of the wall.
7. Encrypt data--Encrypt sensitive data stored on devices, in the cloud or being transmitted over the Internet, so that only the staff member with the proper key can decode it. Encrypt data on laptops, mobile devices, USB drives, backup drives and email. Anything that cannot be nailed down should be encrypted.
8. Keep your software and operating systems up to date--Not updating your systems opens bigger and bigger holes in your walls. Malware continuously evolves, and software vendors continuously update or “patch” their programs in order to address new security vulnerabilities.
9. Secure access to your network--To prevent cybercriminals from accessing private network information, enable your operating system’s firewall and/or purchase reputable firewall software. Configure a Virtual Private Network (VPN) to provide staff with a secure means of accessing your network while working remotely. If you have a Wi-Fi network for your workplace, make sure it is secure and encrypted. Also require a password to gain access. There is nothing like having a great wall only to allow cybercriminals easy access just outside the wall.
10. Verify the security controls of third parties--Firms rely on third-party vendors for aspects of their operation, such as payroll, credit card processing or managing their security functions. Many firms are tightly integrated with their clients. But there are security risks in doing so. If a vendor or client breach occurs, your data can be compromised. Or if your systems are breached, you could also expose a client’s data systems. In either case you can be held liable.
11. Obtain Cyber/Data Breach Insurance--Even with all your walls in place, a breach can happen. Walls are only good for defense. Cybercriminals are constantly looking for ways to breach your walls. Even the best defense eventually gets scored on. A good Cyber Liability/Data Breach Insurance policy provides both 1st party and 3rd party coverages in case the worst happens.