Cybersecurity, data breach, hacking, disaster recovery, security policies, cyber-attacks... What does it all mean? Compromised data can come from various sources, such as lost or stolen equipment, malicious viruses, unauthorized access, disposal of old computers, or when sensitive information is left exposed by mistake.
This article is intended to encourage an awareness of your vulnerabilities and liabilities as a business. My supervisor laughingly tells everyone I have a healthy dose of paranoia. Perhaps that is true, but if my asking questions and keeping the topic close at hand prevents a single data breach, well, it is worth my time and yours.
Did you know?
Billions of dollars every year are spent repairing systems hit by hackers. Some disrupt or disable hospitals, banks, and 911 systems.
Nearly one-third of all cyber-attacks target businesses with fewer than 250 employees, according to the Department of Homeland Security.
The FBI reports that 44% of small businesses reported being the victim of a cyber-attack, with an average cost of $9,000 per attack.
Over half of all businesses don’t have a contingency plan to respond to and report a data breach.
Attackers come in all shapes and forms, from computer geeks looking for bragging rights, to businesses trying to gain market share, to large crime rings stealing personal information to sell on the black market.
We can hardly turn on the news without hearing about theft of our credit card information used at Target, Bank of America or PF Chang’s, just to name a few. Large corporations with large IT departments are not immune to security breaches, but for our purpose I’ll focus on tips for small to medium businesses. Companies, regardless of size, rely on critical business data every day to succeed. So what would happen if you lost sensitive information?
In the world today, we have more access to data than ever before as successive generations of technology show up in our workplaces. With the need to balance access and user productivity with security and liability, we allow laptops, tablets, and smartphones into our networks, but how do we successfully monitor our data? Below are a few tips to consider.
1. Assess the potential security risks to your business. Consider how valuable, sensitive or confidential the data may be and what damage or distress would be caused in the event of a breach. Have your IT contractor provide a penetration test to identify weaknesses in your network security.
2. Make sure all electronic devices, including employee-owned devices, have updated antivirus and antispyware software. Security software needs regular updates in order to continually provide adequate protection.
3. Hide your Wi-Fi network, encrypt information, and secure your internet connection using a firewall.
4. Establish a security policy and train employees on its effective use and accountability. Employees at all levels need to be aware of their role and what their responsibilities are. Train employees to recognize phishing emails and never open an attachment or click on a link from untrusted sources.
5. Require employees to use strong passwords and change them frequently. Although not all software applications will allow it, a good strong password will contain approximately 15 characters, upper and lower case, numeric, and possibly a special character. Consider using a passphrase to help users remember lengthy passwords.
6. Access Control - Limit employee access to sensitive information and limit authority to install software on company equipment.
7. Create regularly scheduled backups and store them offsite. Can you restore from the backup? Having a copy of your data simply isn’t enough. Test a data restore.
8. Develop a plan of action if a breach occurs and reevaluate your disaster recovery plan.
This is by no means a complete list. By staying educated and understanding solutions and best practices, you can reduce the risk of a data breach. We will delve deeper into some of these topics in future articles in the TUG Pulse.
You can read more information on this topic and others at the following links:
FBI Cyber Crime Division
Department of Homeland Security Cyber Crimes Center