You have likely seen or heard stories of businesses falling victim to hacks or data breaches. Companies may need to pay a ‘ransom’, often in digital currency, to unlock a database or recover lost files; some face lawsuits and regulatory fines after theft of customer databases.
According to the 2016 Ponemon Study On Data Breach Costs, a hack will cost a company an average of $7 million to detect, stop and repair.
How can you minimize your company’s risk and protect valuable business information? Below are six steps you should take now to strengthen your defenses:
1. Install Strong Anti-Virus Software
Have your IT department (or outside consultant if needed) install a suite of anti-virus, anti-spam and intrusion detection software (to look for robot ‘spies’) on every computer in your network — including servers and laptops. However, don’t forget to keep this technology updated! It seems almost impossible but the recent massive Equifax breach might have been avoided if the company had kept its anti-virus software and systems up to date.
2. Use a Firewall and Secure Your Website
If you haven’t already, install a firewall for any web sites and everything that is connected to your system (such as intranets). A ‘firewall’ is an electronic gatekeeper that basically looks for unauthorized users and stops outside threats.
To supplement any firewalls you install, be sure that your actual web sites are secure on the back end: each site should have SSL (secure sockets layer) protection, and if you have a web site that conducts commerce or sales, be sure to use https:// protocols (when you see the little green lock icon at the top of a web address in your search bar, you know it is secured).
3. Keep Your Database Software Up to Date
As reported in the 2017 Trustwave Global Security Report, flaws in database programs continue to be a major vulnerability: software companies patched 170 vulnerabilities in the most common database programs in 2016, up from 139 vulnerabilities in 2015. Keep your software and programs as secure as possible by ensuring you always have the latest version and have downloaded any available security patches.
4. Don’t Forget About Paper Data!
While focus has to be paid to the technology available to protect digital data, don’t forget about protecting good old-fashioned paper records that are also targets for thieves. Create a regular paperwork destruction/shredding plan that correlates with industry standards for your business: If you are required to keep client records for five years, every year look back at copies of old files or receipts that are more than six years old and evaluate them for shredding.
Things like employee records and personnel files are also ripe pickings for data thieves, so invest in locking and secured filing systems and a documented paper trail whenever sensitive data is accessed. Further protect this sensitive data by re-examining who has access to employee files and removing as many people as possible from that list beyond those truly essential.
5. Create a Response Plan and a Response Team
Don’t wait for a breach to determine what you should do: have a plan already in place in case of an incident. Create a written response plan that outlines what your company should do to evaluate and respond to a suspected or actual breach or theft of computer systems (physical items like computers, mobile devices, printers, scanners, medical devices) or data (like customer or employee information).
Create a team that crosses disciplines within your organization: Legal, IT, HR, Communications and Security should all be involved. Collaboratively determine the steps the company will take when an issue is identified, no matter which department is the point of origin. When an incident does happen, refer to the plan and follow it to help ensure as many risks as possible are mitigated.
6. Make Sure You Listen to Your Customers and Outside Voices
According to credit card processor First Data, it is actually unlikely that you as the business operator will discover a data breach. It’s usually detected by something like a bank that identifies a spike in potentially fraudulent activity or customers noticing something off in relation to personal credit. The financial cost of the analytics and investigation required to determine the source of a breach can rapidly spiral out of control, crippling a business owner. If you suspect a potential breach either via customer feedback or a terminated employee with a potential grudge, take proactive steps to secure data and review activity as soon as possible.