Cyber Drill Down: Steps for Keeping your Company Safe

We’ve discussed the costly impacts of a data loss in Where’s Your Data? and began talking about a Cyber Breach Response plan last month. Additionally, future Tips will provide more detail on how to protect your business from problems, hassles, and lawsuits. Once you have identified a risk, the first risk management step is always prevention.

  1. Prevention:

There are two major areas to focus your attention on if you want to prevent the costs and hassle of a data breach: employees and passwords. Most business owners don’t realize the importance of these very fixable flaws.

A recent survey of IT managers reported, surprisingly, that 78% of data loss came from negligent and careless employees who were not following company policies. Personal devices and cloud storage both had significant negative impacts.

Action

  • Employee policies, training, reminders, and enforcement are where you should start.
  • Brainstorm about how mistakes happen, such as email auto-fills, and about recent hacking attempts employees have seen.
  • Beware of “free” offers and strange emails from “friends.”
  • Discuss personal email received on company computers – this and social media messages are how phishers get into corporate databases.
  • Make sure everyone understands how mistakes can be disastrous.

Weak and shared passwords were the second biggest culprit.

Action

  • Again, employee policies, reminders, and enforcement are needed.
  • Automate password changes so that passwords must change every 90 days.
  • Mandate “strong” passwords – use available websites to test strengths.
  • No sharing! Ever!

Additional protection tactics:

Action

  • Regular, automatic software updates.
  • Segregated databases with passwords and encryption for sensitive data.
  • Regular virus and malware updates, and complete scans.
  • Robust firewalls – both hardware devices and software.
  • Highly protected office Wi-Fi, and policies about use in public areas.
  • Automatic offsite back-ups – real-time/daily/weekly.

Call Charles for a no obligation discussion about your concerns and questions.

2 Comments

  1. Charles T. Wilson April 15, 2015 at 9:35 am

    Business Insurance reports latest research shows:
    “The vast majority of hacking attacks are successful because employees click on links in tainted emails, companies fail to apply available patches to known software flaws, or technicians do not configure systems properly.”
    (http://www.businessinsurance.com/article/20150414/NEWS06/150419947)
    Prevention is the place to start!

  2. Charles T. Wilson March 11, 2015 at 12:23 pm

    My friend, Corri, emailed me this “cyber story” –

    I can relay a “real life” personal experience regarding shared email passwords… and my response.

    I recently visited my Primary Doc for a routine checkup (all is great I would add). Anyway, as I offered my updated medical insurance info to the front desk person, I noticed her colleague, sitting next to her on a separate desktop computer, began to type. There, attached to each computer was a yellow “sticky pad” note with a series of numbers/letters. I jokingly said to the support person… “Oh, securing & inputting personal data can be a real hassle especially when you forget your password”! To my horror, she replied “Well we only have one password to remember and in case we forget, it is right here on this sticky note”!!!

    I did not say anything to her, however, I waited for an appropriate time (after my checkup) to bring it to the attention of my Doc. As I anticipated, he was unaware of this practice although he did recognize there could be an issue with personal record security. My Doc knew I was in the “P/C Ins Biz” and asked for my thoughts/suggestions to improve their electronic protocols. Frankly, at that point, I channeled my inner Charles Wilson and offered many of your most recent “Risk Smart Tips” on cyber liability/identity protection. He appreciated my (your) insights and said he would implement them.

    I can report he has done just that as a few weeks later, my wife went for her checkup and I noticed a change in their protocols and no sticky pad notes on the screens!!

    I’ll tell you, Charles, this cyber liability issue is a very real concern and not just for “Big Retail” operators, i.e. Target, T.J. Maxx, Best Buy, etc. … virtually every business owner has the exposure and should be prepared to handle it. Your advice is “spot on” as always.
