From the politically charged Sony attack to point-of-sale (POS) breaches at small restaurant chains, no business is safe from the threat of a cyber attack. According to the latest Internet Security Threat Report from Symantec, 34% of all spear-phishing attacks targeted businesses with fewer than 250 employees.
Attackers want your data—company finances, human resource records, customer information and other confidential documents are prime targets. Information is the lifeblood of your business. Organizations that ignore security best practices and cyber liability insurance are low hanging fruit for criminals.
By educating yourself on simple ways to mitigate risk, you can help prevent valuable intelligence from falling into the wrong hands. Below are five ways practical risk management and insurance can protect your most valuable information.
1. Educate yourself on security best practices.
Smaller companies can be more attractive to hackers because they often have weak cyber security and physical controls. There several common sense measures every business should take to guard against attacks. Here are a few examples:
- Use strong passwords and security pins to protect computers, mobile devices and the company wireless network.
- Set up extensive network security and firewalls, or hire an IT professional to do so.
- Limit employee access to sensitive information to those who truly need it to perform job responsibilities. Explore software admin controls and permission-based settings to limit user access.
- Classify documents as confidential to make sure sensitive information is treated as such.
The U.S. Small Business Administration offers a free course for further education on cybersecurity best practices.
2. Secure your hardware.
Computer hardware, the physical components that comprise a computer system, includes computer memory, data storage devices, hard drive disks and IOT devices.
In addition to being expensive company assets, the data contained within hardware can be far more valuable.
- Protect hardware from theft by investing in a security system and securing equipment to a desk, wall or floor.
- Help monitor and retrieve stolen items by installing tracking software on computer equipment.
- Encrypt data to inhibit thieves from accessing computer contents.
3. Educate your employees.
Provide employee training or draft a company technology policy. Educate employees to use common sense and discretion, avoiding links, emails and other online activity that appear suspicious.
Restrict or limit the use of free or open hotspots, and provide a virtual private network (VPN) connection for remote access to company servers. Depending on your industry, develop protocols and training on the proper handling of customer data.
4. Have a contingency plan.
In the event of a fire, flood or other natural disaster, consider off-site or cloud-based backup of critical business data. Even if computer hardware is irreparably damaged, files and information will be able to be recovered.
For more information, take a look at these resources from the Federal Emergency Management Agency (FEMA), Small Business Toolkit: Tools and Resources to Plan, Prepare, and Protect.
5. Select a comprehensive cyber and technology insurance policy.
In addition to precautionary measures, technology liability insurance can protect your company’s data and technology. A data breach policy will often cover lost or damaged electronic data, as well as any interruption of computer operations or e-commerce. It may also cover legal liability for lost, stolen or compromised data.
You may be able to insure computer equipment under your business insurance policy; additional coverage might be needed for specialized business risks. Insurance and risk management are the umbrellas that can help protect you when the proverbial “rain” starts to fall.
With the rapid pace of innovation, it can be daunting to prepare for every scenario. Surround yourself with a team of knowledgeable technology and risk management professionals who can help you navigate your options and protect the business information that’s vital to your organization.
For more information on protecting your business assets, read these related articles:
- Cyber Security for Professional Service Agencies: 5 Ways to Protect Clients’ Personally Identifiable Information
- Cyber Security for Professional Service Agencies: How to Safeguard Your Clients’ Intellectual Property and Trade Secrets
- Cyber Security for PR and Marketing Agencies: How to Protect Your Clients’ Social Media Accounts
Image Credit: Stuart Chalmers via Flickr
* This post has been edited to include up-to-date information and resources.