You will face hacking attempts this year: the probability is 68% for large companies and 38% for tiny ones.
Would you bet your business against those odds?
The screenshot above from Statista.com is based on a 2017 survey by the UK Office for National Statistics.
According to Sian John, senior cybersecurity strategist at Symantec, recovering from the reputation hit of a data security breach can take a year, and many small companies lack the capital to survive that year.
You can’t hide a breach: Legally and morally you are obliged to tell customers about their data being lost. How good is that going to look?
Protecting yourself from hackers is an investment you must make to keep your business alive.
Personnel Security Issues
The weakest points in your security are the people you employ.
Whatever security systems you have in place, some employees will always find a workaround that negates them. You can reduce the likelihood of staff-assisted security breaches if you inculcate a culture of security in every part of your company and every aspect of its data handling.
Every person on your payroll must be on-board with the need for security. However, you will still need checks and systems in place that cannot be subverted.
Encourage people to tell you when they find a way around your security by offering cash rewards. Encourage whistle-blowing and make security subversion a sacking offence.
Stress to employees that data security is a shared responsibility; that you can put precautions in place, but that minimising breaches comes down to everyone working together.
Security training mainly comes down to common sense. Once employees realise that 59% of data breaches come from employee actions, they will hopefully be happy to follow a few basic rules:
- No device sharing
- No password sharing
- Never leaving mobiles in a car
- Never using USB pen drives or SD cards to move or store data
Company Policy Security Issues
Training staff in data security is part of establishing a culture of security. Employees need to know what constitutes a breach, and who to report violations to when they do occur.
A monitored alarm system will reduce the time any burglar has in your offices to steal passwords that employees have left in their drawers or under their computer keyboards.
Employees will still make notes of passwords even after you have made it clear they risk the dole by doing so.
Forget ‘Bring Your Own Device’. You cannot afford the risk of someone’s personal phone or tablet being hacked over a Wi-Fi network, nor of the device being lost or stolen.
When you own devices and lend them to employees, you can install security apps and remove an employee’s ability to connect personal software that could provide a hacker with a pathway to corporate data.
The only secure place to store data is in an encrypted form in the Cloud, protected by secure passwords. Data should never be stored, even temporarily, on mobile devices or local servers because these can all be stolen or mislaid.
This TechandTrends article explores Cloud security in more detail.
Test Your Business Security
It is easy to become complacent, especially if you have just beefed up your data security. Offering rewards to employees who find system weaknesses makes a good start, but the only route to total confidence is to pay a third-party penetration testing company to try to hack your business.
The screenshot above from Bulletproof, a UK penetration testing company, gives you an idea of the kind of services that are available.
The screenshot below of the 2014 government cybersecurity breaches report shows what the cost could be. Double this for an approximation of the current cost of breaches.
The cost of pen testing is substantial, but compared to the losses arising from being hacked, it fades into insignificance.
Data Disaster Recovery Plan
Plan for the worst. When disaster strikes, it won’t be a minor breach at 10am on a Tuesday morning but a catastrophic data loss at 3am on Christmas Day.
Is your Cloud data backed up? When did you last check all local hard drives for sensitive data? Do your salespeople keep notes of contacts’ phone numbers on their phones? Do you have a plan in place to handle press calls and to deal with social media criticism?
Murphy’s Law states that if something can go wrong, it will go wrong. Working on that assumption is the best way to secure your clients’ data. Encourage everyone in your company to look for ways around your security and pay a penetration testing company to try to hack you.