In 2017, the threat of a cyber-attack is present in nearly every aspect of our life. This is the same for a business. When an attack occurs, the more prepared you and your staff are for a data breach, the more likely you are to prevent the breach in the first place and better react to an attack when you do experience a data breach. Here are 6 ways to protect your business from a data breach.
Cyber Security starts the minute an employee is hired
Preventing a data breach begins the moment someone becomes an employee. New hire training is the best place to begin bringing awareness to the threat your businesses faces in the realm of cyber security. This should be the case for all employees no matter what level they are hired. This is equally important for upper level as well as front line employees. Not all employees are as cyber aware as you might think. Many employees in many different industries can be highly competent at their job, yet still put your company at risk when it comes to data breaches. It should not take a large amount of time nor effort to properly prepare your employees to defend your business against hackers. Failing to do so can be a fatal mistake for your business.
Show your employees exactly how to protect their passwords
Most data breaches are caused by weak passwords used by employees. Because of this fact, it is extremely important for your business to have a strict policy in place guiding employees how to create and protect their passwords. There should be bare minimum standards that you set and there should be measures in place to ensure they are being followed. Not all employees will have the same set of awareness in the world of cyber security. New hires may have worked for companies in the past who did not place enough emphasis on preventing data breaches. Setting clear boundaries about what is and is not acceptable when it comes to cyber security and passwords is crucial for preventing a data breach. Here are some concrete examples of strong and weak passwords.
This would be an example of a password that is extremely secure.
This would be an example of a password that is a little less secure, but easier to remember.
BobSmith or password
These are examples of terrible passwords that should never be used.
Implement a Clean Desk Policy
Many people envision a data breach occurring because someone received a malicious email from someone they do not know and they click on a link included in the email. This is how many data breaches are started, but many data breaches occur via much less sophisticated methods. Some can occur because of something as simple as an employee leaving a post it note on their desk with their passwords written in plain view. It can also occur because an employee leaves the sensitive information of a client lying on their desk overnight. Many businesses have third party vendors who have access to the facilities after hours in order to clean the facility. If this information falls in to the wrong hands it can cause damage to your company that you may not be able to recover from. This is why it is crucial to implement a clean desk policy.
Have a plan in place for when a Data Breach occurs
Planning for the response to a data breach needs to be thought out and planned well in advance of when the attack occurs. First and foremost, the priority should be to stop the breach and prevent it from spreading throughout the company. There also should be a plan in place for who you plan to communicate the breach to and how that message should be worded. This plan should include the expertise of your information technology advisor as well as the advice from human resources, legal counsel, customer service and executive management. There should be a clear and concise message to express to employees and a separate message that employees can express to customers.
Secure adequate Insurance for your business needs
Most businesses have some form of commercial insurance. Workers compensation and general liability insurance are required by law in most states, but those policies will not cover the damages caused by a data breach. Unless you buy a specific policy for when a data breach occurs, your business may be liable for the cost related to the damage from a data breach. This is why it is extremely important to take some extra time to speak with your insurance professional about all the activities your employees partake in on a daily business. They can help you determine exactly what risks your business does face and how to best protect your business in the unfortunate event of a cyber-attack. Data breach insurance is offered in two separate policies that are almost universally sold in tandem. The risks related to data breaches are so new to the insurance industry that clear names for the policies are not standard across the industry. The most common used terms are data breach and cyber liability coverage. Data breach coverage protects you from the damages that are done specifically to the business while cyber liability covers the damages that are done to outside third parties. Third parties can include customers and vendors who may be damaged by the breach.
Consider implementing a shred everything program
Shredding sensitive documents is a safe and easy way to prevent your businesses information and the information of your clients and partners from falling in to the wrong hands. Nothing is more precious than the reputation of you and your business. Securing that the information of your clients does not become public knowledge should be at the forefront of your businesses priorities. Shredding information that is no longer needed is a safe and secure method to keep your businesses reputation in-tact.