Data security isn’t just the responsibility of IT pros. Secure systems and networks can be taken down by an employee’s honest mistake. Smart organizations pay attention to, and verify, information security training for all employees. While you may not have the budget for big, formalized security training classes, your employees (a.k.a. end-users) can benefit from some basic information that will assist them, and your company, to be more secure.
Data breaches are costly, but not only monetarily. Data breaches are arguably more costly to your organization’s productivity.
- The average data breach costs $12.7 million.
- The average company requires 45 days to recover after a security breach.
- Hackers don’t just go after corporate secrets. A hack could expose employees’ personal data and communications, putting your business at risk for cyber liability claims.
- Perhaps as much as 50 per cent of individual identity theft occurrences originate in the workplace.
- The average cost for legal settlements due to cyber liability cases is $880,839.
- Passwords matter.
- 80 per cent of security incidents are facilitated by weak administrative passwords.
Practical Steps to Improve Your Cyber Security
As long as we conduct business using technology, and as long as our business involves human beings, it is inevitable that cybersecurity will be an ongoing challenge. But there are simple, direct steps that we can take to mitigate threats.
1. Train your employees. Then train them again! And again… and again… and again!
About 33 per cent of all security incidents can be attributed to employees, and 80 per cent of companies say that end-user carelessness is their single biggest security threat. Implement regular training sessions for all employees to address common cybersecurity issues. Building employee awareness will improve service and security, and it gives you an excuse to provide a free lunch to the team. And who doesn’t love a free lunch? The next step is to hold your employees accountable for the cybersecurity training you provide and to verify that they are following policy.
2. Never give out your login credentials.
Never, under any circumstances, give your login credentials to anyone, including friends, family members, coworkers, or even your buddies in IT. This seems like such a simple step, and yet, many are guilty of violating this simple rule on occasion.
- Bonus tip: Never send sensitive information via email. Unfortunately, email is one of the channels most susceptible to hacking and social engineering attacks. With this in mind, never send sensitive information via email, even to yourself!
3. Use different passwords for every website or application.
What you give up in convenience, you likely quadruple in security! And that’s a trade-off that pays off! If you or your employees struggle to remember passwords, try a passphrase, like “Ketchup is the worst relish,” or consider using a password manager service such as LastPass, Zoho Vault, or Sticky Password. Compare password managers at pcmag.com.
- Bonus tip: Some things never change. But your passwords should! 70 per cent of people do not use a unique password for each website and/or app. Establish an automated requirement for employees that they change their passwords every 60-90 days.
4. Beware of public WiFi
No matter how much you may trust the host, never send private information over public WiFi. Hackers can use the same public WiFi networks to troll for your private information, work-related passwords for remote systems, and more.
5. Develop a healthy level of skepticism
Always be skeptical about attachments and requests, even if they appear to be from trusted sources. The most common phishing scams coming to an email inbox near you tend to appear to be legitimate bank notifications, online purchases, photo attachments, shipping notices, and online dating services. When in doubt, don’t open the attachment. Verify by phone that the bank, online shopping service, or other service has indeed sent you an email. Practice constant vigilance!
6. Mobile devices deserve your attention too!
It’s not just your computer or network that needs to be secure. Any mobile device is vulnerable to cyber attacks as well. About 50 per cent of mobile device users don’t take even the most basic security precautions. Never leave your device (laptop or phone) unattended in a public place. Always report loss or theft of any devices immediately. Always keep devices updated. Install and use anti-virus and anti-malware software on your mobile devices as well as on your desktop computers.
7. Practice makes perfect.
Nearly 59 per cent of U.S. small and medium-sized businesses do not have a contingency plan that outlines procedures for responding to and reporting data breach losses. Have a plan in place for how to respond to a data breach or cyber attack, and practice it! Include your employees in the practice so when an incident does happen, everyone will know how to respond to best protect the organization and themselves.
8. Know your resources — and use them!
As an entrepreneur, you have lots of resources at your fingertips, including some from our friends in the federal government. The U.S. Small Business Administration offers some pretty great resources and assets that can help you and your organization, including its Top Ten Cybersecurity Tips and Top Tools and Resources for Small Business Owners.
Cyber security and data security are very real issues facing every entrepreneur today. As more and more business transactions move online, and as organizations develop an ever greater dependence on technology for every conceivable operation, data security is paramount to organizational success. Following the simple steps outlined in this article will help you create a strong data security and cybersecurity foundation on which to build your business. If your business and data are secure, so is your future!