“Dear Client,” … That’s how the letter usually begins. The next few sentences are a little trickier; there is really no good way for someone to hear that their data has been stolen. Unfortunately, getting that letter is becoming an increasingly common occurrence in business. As things stand now, organizations worldwide are on course to lose more than $100 billion per year to cyber-attacks and fraud.
While a security breach might be one of the last things on your mind, the most recent Travelers Risk Index report shows that it’s a top concern for your clients, customers, and contractors: “Personal Privacy Loss and Identity Theft” went from barely ranking in that annual survey a few years ago to the No. 2 spot now, right behind “Financial Security.”
The expectation of cyber security has to be met with the same fervor, creativity, and drive that business people muster to meet their clients’ and customers’ expectations. To get started, review these steps.
1. Engage and educate your employees — It’s important that you create a culture of security within your organization because security is everyone’s responsibility. If you don’t have buy-in from all your team members, you’re exposing your business to unnecessary risk.
Most cyber-attackers gain access to networks via social engineering and the manipulation of a user within an organization, not via command-line “hacking” from a dark, pathetic basement somewhere, as movies and television often portray such characters. Why would someone spend days trying to crack your accountant’s password when they can simply call your IT desk pretending to be your accountant and ask the tech on call that day to reset it to something new?
6. Anti-virus — Having up-to-date anti-virus software deployed on all of your desktops and servers is vital to organizational cyber security. An unprotected computer is an easy target for a motivated attacker. Don’t make it easy for them: pay for anti-virus and make sure it’s regularly updated by your IT staff.
3. Password management — It’s important that you and your employees use strong, complex passwords that are not easy to guess. Today there are hacking applications that can be plugged into a computer and, in about four minutes, will try each of the 10,000 most commonly used passwords. You’d be surprised how many folks with access to critical data have the password “password” or, if they are feeling clever, “password1.” (Did this just reveal your password? Go change it. Now.)
4. Secure your networks — Without getting too technical, just know that having a firewall between your corporate network and the Internet is very important. If you don’t have that barrier, there is very little stopping someone from freely accessing your data.
5. Secure your cloud — No matter what cloud provider or service you use, make sure you do a complete review and analysis of their security practices. If they can’t easily and quickly tell you how your data is secured, odds are it isn’t secure. Also, for any accounts used to access your firm’s data, make sure you have strong passwords and only sign in from a computer you own or trust. If you access your cloud on an infected machine, there is a real potential for a hacker to learn your password and use it later on without your knowledge.
6. Protect your banking information — Make sure that all financial data, accounts, and records are kept secure and segregated from the rest of your business’ general shared drives. If financial transactions are conducted electronically, ensure they are done over an encrypted connection and that your employees never email account numbers, credit card information, or sensitive financial documents.
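For step 3, a check like the following can run whenever a password is set or changed, so that anything a common-password guessing tool would try is refused up front. This is an added example, not part of the original article; the short word list, the 12-character minimum, and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample list. A real deployment would load a full
# common-password list (the article mentions the top 10,000) from a file.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Character swaps people use to "disguise" a weak password (P@ssw0rd -> password).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumption: the article does not state a minimum length


def candidate_forms(password):
    """Return the base words this password reduces to after simple cleanup."""
    lowered = password.lower()
    # Drop trailing digits and symbols, so "password1" reduces to "password".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password, blocklist=COMMON_PASSWORDS):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if candidate_forms(password) & set(blocklist):
        reasons.append("common password or simple variant")
    return reasons


if __name__ == "__main__":
    for pw in ["password", "Password1", "P@ssw0rd!2024", "correct horse battery staple"]:
        print(repr(pw), "->", check_password(pw) or "accepted")
```
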