We’ve seen headline after headline about massive data breaches at hospitals, financial institutions and major retailers. Small businesses are hardly immune…they too have sensitive information that makes them vulnerable, and today you can’t afford to just cross your fingers and hope for the best. Following are just some of the steps you can take to reduce the risk of devastating breaches.
Encryption: Encryption is best understood as a program that scrambles files to leave them unreadable to anyone who can’t provide a unique “key” to open them. At the very least, your business should routinely encrypt information stored on servers, desktops, laptops, portable media and mobile devices. Encryption is particularly critical for confidential information. Consider this: Security experts have compared sending unencrypted confidential material over a network with mailing the information on a postcard.
Training: Rather than directly attacking your servers, hackers are most likely to target your employees’ computers. They often use phishing schemes, for example, to gain access by inducing an employee to click on a link or file that unleashes malware. It only takes one untrained employee to open the door to a far-reaching breach. You and your staff need ongoing training about the threats you face, the potential costs of letting down your guard and the steps you should take to prevent or detect breaches. Everyone must understand all relevant policies and procedures (for example, on using firm computers and devices for personal browsing or posting to social media) and do their part to maintain a culture of vigilance.
Cyber liability insurance: All the security measures in the world can’t guarantee a hacker won’t find a way in, especially with the rapid development and deployment of technological work-arounds. According to a study by data security research organization Ponemon Institute, the average total cost of a data breach has reached $3.8 million. This includes costs related to investigating and remedying the cause, complying with notification requirements, litigation, fines and penalties, and public relations. So cyber liability insurance should be a no-brainer — especially when you consider that insurers have begun to exclude electronic data losses from their traditional liability policies.
Response plans: A general disaster recovery plan isn’t enough to deal with the aftermath of a data breach. Your business also needs specific policies dealing with cyber security issues. Those policies should detail how your firm will respond to a breach, leak or other compromise of confidential or sensitive information, including who’ll be notified, the actions that will be taken to protect data and the investigation process.
The bottom line: act now! Cyber security experts agree that, for many small businesses and professional practices, it’s not a matter of if they’ll be targeted, but when. But by taking some simple precautions, you can improve your odds of avoiding an attack.