This post was written by Pivotal Payments, a payment processing company.
In an ever-expanding technological landscape, cybercrime continues to be a worsening threat to businesses, with the average cost of a data breach in Canada ringing in at nearly $6 million, according to a recent study by IBM Security and the Ponemon Institute.
The study also found that nearly half of all incidents in Canada are malicious attacks, while 30 percent involve negligent employees and just over 20 percent are the result of a system glitch. These data breach disruptions are costly in indirect ways as well, namely customer loss and reputational damage. Data breaches can also have a societal impact: job loss, consumer price hikes and innovation crises, as pointed out by the Canadian Chamber of Commerce in a 2017 report.
And if you think cyber attacks only target big business, you would be wrong – but you’d be in good company. A report by Symantec found that 87 percent of small business owners don’t feel they’re at risk of experiencing a data breach. Yet hackers figure SMBs have fewer resources to combat cybercrime and continue to target them at increasing rates year over year.
So, how can you protect your business from a data breach and avoid adding to these alarming statistics? Here are five tips to stay ahead of hackers:
Know your risk factors
The first step toward cyber resilience is identifying your most valuable assets and assessing the vulnerability of all your network systems. It’s also crucial to take stock of exactly where sensitive data is kept, whether on a server or in a filing cabinet. These internal security audits can help you pinpoint potential threats, allowing you to devise appropriate strategies to ward off attacks.
Keep in mind, taking data inventory should be done on a regular basis – some experts recommend weekly – and the importance of this exercise should be stressed to all involved parties.
Educate your employees
Your employees should be the foundation of your data security plan, with the company culture setting the expectation that security is everyone’s responsibility, not just that of executives and the IT department.
A recent Verizon report found that 81 percent of hacking-related breaches were the result of weak or stolen passwords – in fact, it’s the number one method used by hackers to infiltrate companies. Phishing attacks are also popular with hackers, generally in the form of malware and compromised downloads.
Employees should be trained on the types of Personally Identifiable Information (PII) your business stores; how to identify phishing emails; and smart password behaviour (creating strong passwords, changing them frequently, and avoiding sharing or re-using them).
Examine your personal device policy
Whether your business provides company-issued laptops and phones or has employees use their own, you need to take measures to secure all devices, both on and off your internal network.
Employees who use personal devices for company data should practice the guidelines established above, even when using their technology outside of working hours (or outside of the office), and should take care with their own personal data as well.
Antivirus software should ideally be installed on all smartphones and computers; some companies may also wish to filter content or block certain websites to prevent unintentional downloads of compromised files.
Protect your network
Encrypted emails, firewalls, device recognition, VPNs and regular testing are a few of the preventative measures your IT team can take to protect your business from a data breach. If you are a smaller company that outsources IT services, do your research to ensure any third party you work with is credible and trustworthy.
Remember, any money invested in protecting the security of your networks and sensitive data is far less costly than trying to recover from a breach. The Ponemon Institute found that extensive use of encryption can reduce the cost of a breach per stolen record (average of $255) by six per cent.
Determine proper disposal protocol
A recent Shred-it survey revealed that nearly half (44 per cent) of Canadian C-Suites are without a policy for disposing of confidential data on electronic devices. Failure to implement clear rules for the disposal of data, devices or even paper records leaves company and client data exposed and vulnerable to attack. There should also be established procedures for lost or stolen devices.
Preventing business data breaches requires both executives and employees to stay aware and alert to this real – and rising – threat. Being proactive through planning and education is a far better approach than scrambling to clean up after a cyberattack.
To learn more about what happens after a data breach, check out the linked article from Pivotal Payments.