Over the last year alone, some of the biggest corporations in the world have been successfully breached by cyber-hackers. In between these headline-making major breaches have been the countless untold stories of small and mid-sized businesses experiencing data breaches of their own.
Unfortunately, there is simply no way to shut down the hackers completely. So long as there is data to be hacked, they will likely keep trying. But there are some very effective ways to ensure your company won’t be one of the ones that gets breached. These five smart tips will separate your company from the “easy marks” that are out there today and ensure your data stays safe and secure.
Tip #1: Educate your staff
How many stories have you read lately in which sensitive data was obtained not through a full-on firewall breach, but by simply retrieving an unattended mobile device?
Here, the lesson is simple: your entire security system is only as strong as its weakest link. If your staff is not continually made aware of the risks and educated – drilled, really – in how to do their part, these data breaches will continue to occur.
What to do differently: Offer rewards for each year your company remains safe and secure from cyber-hackers. Similarly, impose penalties in any case where data theft can be directly traced back to simple employee negligence.
Tip #2: Continually assess risk
This process is neither glamorous nor fun. But given how fast cyber-technology is evolving today, it is absolutely necessary to continually monitor for and assess risk – so much so that many companies today either retain an in-house risk assessment consultant or contract this service out.
Likewise, any time you bring a new component into your company’s operations, be it a BYOD (bring your own device) program or a new type of software, it is time for another risk assessment.
What to do differently: Be proactive. You may not be able to hear them, but the cyber-hackers are always knocking, hoping someone will open the door without questioning. So every time you pass a door (or even think about it), check to be sure that door is locked!
Tip #3: Only work with secure vendors, suppliers and partners
Here again, you must think beyond your brick-and-mortar (or website) walls to determine the full scope of your company’s vulnerable areas. If your vendor gets breached and, through that breach, your data is accessed, your angry customers won’t care whose fault it was. And they probably will move their business elsewhere... permanently.
Do you transfer data back and forth with vendors, suppliers, partners or subsidiaries? Are you using vendor-issued devices or equipment with their software installed? Are you installing third-party software or apps on your own devices? In each of these cases and many more besides, your security is compromised by working with partners who are negligent or lenient in their security policies.
What to do differently: Vet each vendor, supplier, subsidiary, partner or other new collaborator before joining forces. Develop a basic security protocol all must agree to abide by.
Tip #4: Update, update, update
This tip seems so old school it feels tempting to not even mention it. However, given how many breaches can be linked to a failure to update security software, operating system software, business software and apps, or to apply other updates, it clearly needs mentioning.
Of course, the larger and more complex your organization is, the more challenging this task becomes. Regardless, you must work out a system whereby each and every device associated with your network is running the very latest version of everything all the time.
What to do differently: Sit down with your IT staff and map out your entire organization as it relates to devices, hardware and software. Create a list of approved devices, software and hardware. Rein in the use of unapproved versions of the same. Task IT staff to liaise with remaining staff to ensure all are in compliance and will remain in compliance (see Tip #1 here for some options to encourage compliance).
Tip #5: Develop a step-by-step plan in the event a data breach does occur
Just because you don’t like to think about it doesn’t mean it won’t happen. Every minute of every day, there is a cyber-criminal out there somewhere thinking up new ways to hack even the most well-insulated security system. New viruses, malware, encryption code-breakers and other tools are developed and launched each day. So despite your superhuman best efforts otherwise, data breaches are still a very real risk you must address on a daily basis.
How will your company respond – to the press, to personnel, to customers? Who is in your “first responder” team and what will they do first, and then second, and then third to contain the breach?
What to do differently: Since you cannot possibly foresee what the future may yet hold, map out best-case AND worst-case scenarios. Make it known in ways that do not compromise your security system that you have these policies and protocols in place (for cyber-hackers, this is similar to putting a sign in your front yard saying “Smile! You’re on camera!”). Make sure each member of your staff knows their role if a breach does occur. Then train, train, train until containing a breach is like breathing air.
With these five smart tips in hand and in practice, your company will look less appealing to cyber-hackers and especially those who are looking for an easy, low-effort data “score.”
However, this is not a one-time exercise but a continual, ongoing team-wide effort to monitor, update, encrypt, secure and protect the sensitive and proprietary data that puts food on everyone’s table and keeps a roof over your collective heads. Only by getting very serious about data security from the highest level down and from the lowest level up can your company hope to withstand and even repel today’s sophisticated cyber-criminals.