Data Breaches have been all over the news in recent years. Nearly every industry has been struck by some sort of cyber security breach and breaches are no longer just a problem for bug businesses. As more businesses are beginning to take adequate protections, cyber criminals are looking to small businesses as a place to easily gain access to people’s sensitive financial information. Here are five tips every business owner can you to properly protecting their business.
Conduct an audit to determine susceptibility to cyber risk?
Conducting a cyber-security audit can be done internally or with the help of an outside consultant. If you decide to do this in-house, it is tremendously important to have capable minds on your staff to analyze your risks and have acceptable solutions to mitigate those risks. Even if you have those people on your staff, it may be wise to still consult with an outside third-party to determine all the risks you face.
Implement an employee education and training program related to cyber security policies and procedures.
Cyber-security education should start with your new hire training. This training should be for everyone, even high level employees. Many executives have adequate qualifications to head an organization, but they have less cyber-security knowledge than their secretary and a majority of their employees. If an employee uses a computer, they need to be trained about how to properly protect the device from hackers. This training should include password protection with concrete examples of what a good and bad password are. It also should include examples of phishing emails as well as proper ways to protect their workstation. This can be especially important if you have vendors in your facility after hours to clean the premises.
Update your insurance policies to match the risk your business faces.
Having an open and honest relationship with your insurance agent is key to properly protecting your business. This is especially true when it comes to cyber security. Having a conversation with them about what exactly your business does and does not do on a daily basis can help your insurance agent determine exactly how much risk you face. You should include what types of information you store and how many customers you store this information for. The more information you give your agent, the better recommendation they can give to you in relation to what types and how much cyber-security insurance you need. This will be extremely helpful the next time you go to shop insurance.
Assign a small group of people to be responsible for cyber security and give them the authority to get things done.
Cyber Security is definitely a top down priority. If the people at the top of your organization do not value cyber-security, then that mindset will fester throughout the ranks of your organization. The leaders of your organization should also be realistic with their personal knowledge about this subject. If you are not extremely knowledgeable about cyber security than hire someone who is or a group of people who are. Once you have found this group of people it is important to give them the authority to act when they need to. Cyber-attacks can cause a lot of damage in a small amount of time. For this reason, it is important to empower your people to act and for them to keep you informed as the process of dealing with an attacks moves along.
Review all vendor contracts with whom you share confidential information.
Two of the largest data breaches in history, Home Depot and Target, were started by a third party vendor being hacked first. In both of these cases a small business was hacked several weeks or months previously and the criminals waited until they realized they had access to the much larger database through this vendor partnership. For this reason, it is extremely important to constantly review and improve your vendor contracts in an attempt to ensure your partners with whom you share confidential information are properly protected.