We discussed the costly impacts of data loss in “Where’s Your Data?” and began talking about a Cyber Breach Response plan last month. Future Tips will provide more detail on how to protect your business from problems, hassles, and lawsuits. Once you have identified a risk, the first risk management step is always prevention.
There are two major areas to focus your attention on if you want to prevent the costs and hassle of a data breach: employees and passwords. Most business owners don’t realize the importance of these very fixable flaws.
A recent survey of IT managers reported, surprisingly, that 78% of data loss came from negligent and careless employees who were not following company policies. Personal devices and cloud storage both had significant negative impacts.
- Employee policies, training, reminders, and enforcement are where you should start.
- Brainstorm about how mistakes happen, such as email auto-fills and other recent hacking attempts employees have seen.
- Beware of “free” offers and strange emails from “friends.”
- Discuss personal email received on company computers – this and social media messages are how phishers get into corporate databases.
- Make sure everyone understands how mistakes can be disastrous.
Weak and shared passwords were the second biggest culprit.
- Again, employee policies, reminders, and enforcement are needed.
- Automate password changes so that passwords must change every 90 days.
- Mandate “strong” passwords – use available websites to test strengths.
- No sharing! Ever!
Additional protection tactics:
- Regular, automatic software updates.
- Segregated databases with passwords and encryption for sensitive data.
- Regular virus and malware updates, and complete scans.
- Robust firewalls – both hardware devices and software.
- Highly protected office Wi-Fi, and policies about use in public areas.
- Automatic offsite back-ups – real-time/daily/weekly.
Resources:
- Kroll Cyber Security: http://www.kroll.com/cyber-security
- SEC – search Cyber Security at http://www.sec.gov/index.htm; download a PDF Planning Template here: sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf
- SBA, FEMA, and The Red Cross have lots of helpful resources about disaster planning.
Call Charles for a no-obligation discussion about your concerns and questions.