You have locks on the doors and windows, but chances are, your company’s digital presence is not nearly as secure.
When it comes to protecting your company’s private information and your employees’ and customers’ personal data, you’ll want to be aware of the many ways that cyber crimes can affect you. While many business owners and managers would rather outsource anything tech to the IT department and forget about it, staying ahead of trends in cyber security may just save your company’s reputation.
You barely have to wait a day before hearing about some new cyber security breach of a major company or a major government institution. But know this: you don’t have to be big to be hacked. Data shows that 46% of all cyber attacks target small businesses (those with fewer than 1,000 employees).
So what should you do to ensure your company is cyber secure? Here’s a quick rundown:
1. Start small: Passwords.
Implementing a rigorous password protocol might just be the easiest way to slam the door on cyber hackers who try to get into your employees’ emails, files, computers or even thumb drives. You can have your IT department set protocols to expire passwords on a regular basis, and to prevent the use of some of the perennial “worst passwords” that get used, like (believe it or not) “password” or “12345.”
Most password “hacks” aren’t hacks at all; they’re guesses that you’ve picked a password that’s easily figured out, says Kyle Brucker, Managing Director of Technology at Marsh McLennan Agency (MMA).
Some of Brucker’s tips to make all your passwords secure include:
- Don’t write passwords down on paper. Consider using a program like LastPass. LastPass securely keeps all of your passwords in one place and you only ever have to remember one password.
- Never share your passwords with anyone.
- Never include passwords in email messages.
- Never reveal passwords in forms or questionnaires.
Brucker also has tips for creating strong passwords that can protect against even the savviest hacking software:
- If the password includes the names of your kids, your dog, your birthday, your favorite team, the city of your birth, your kids’ birthdays, your anniversary, etc., it’s not a good password.
- Don’t use the same password for all of your password-protected accounts. If one is hacked, all others are vulnerable.
- Don’t use a password that is similar to an old one as it creates an avenue for compromise.
- Try an acronym from an easy-to-remember piece of information or a phrase. Substitute numbers, symbols and misspellings for letters or words in an easy-to-remember phrase. For example, $ could substitute for S, @ could substitute for a, luv could substitute for love, etc.
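One way an IT department could enforce several of these rules when a password is changed, shown as an added example that is not from the original article or from MMA. The function name, the sample denylist and the 0.7 similarity threshold are assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample denylist (assumption); a real deployment would load a
# much larger list of commonly used passwords.
WORST_PASSWORDS = {"password", "12345", "123456", "qwerty", "letmein"}


def check_new_password(new, old, personal_terms, max_similarity=0.7):
    """Return the reasons to reject `new`; an empty list means it passes.

    `old` is the previous password as typed into the same change form.
    `personal_terms` are names, teams, cities and dates tied to the user.
    """
    problems = []
    lowered = new.lower()

    # Rule: block the perennial "worst passwords".
    if lowered in WORST_PASSWORDS:
        problems.append("on the worst-passwords list")

    # Rule: no names of kids, pets, teams, birthdays, anniversaries, etc.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")

    # Rule: not similar to the old password. The comparison uses the old
    # password supplied with this request, in memory only, so stored
    # passwords can stay hashed.
    if old:
        ratio = SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio >= max_similarity:
            problems.append("too similar to the previous password")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_new_password("Summer2024!", "Summer2023!", ["Rex", "2015"]))
    print(check_new_password("tIw2sfc&ahb", "Summer2023!", ["Rex", "2015"]))
```

Reuse of one password across different accounts cannot be checked this way, since no single system sees the other accounts; that rule depends on a password manager and on user habits.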
2. Keep software up to date.
All those apps on your employees’ phones and computers need updating to fix bugs, but they also get updated to repair holes that cyber criminals might pass through to get into company email, files and more. Encourage employees to keep their personal devices updated, especially if they’re not company issue.
3. Educate employees on their role in staying cyber secure.
You hear all the time about “that one employee” who made a bad judgment call and clicked on a phishing link or lost their laptop in a taxi out of town.
For example: A company employee traveling on public transportation had their laptop stolen. Although the device was protected by a password, it lacked encryption. Upon reviewing the situation, it was discovered that sensitive patient information, including personal details and medical conditions, might have been stored on the laptop. The company responded by changing the employee’s password, reporting the theft to authorities, and informing the affected individuals. However, despite these actions, the breach had already caused harm.
You can and should educate employees on their role in keeping your business safe. That ranges from using a secure laptop password and physically protecting electronics like phones and thumb drives to not sharing access with unauthorized personnel and not sending personal information through unsecure or unreliable methods like email. You want to keep everyone aware of their role as a gatekeeper to your business.
4. Have a plan and write it down.
Developing a cyber security risk management plan involves identifying risks, analyzing risks, deciding on a mitigation response, and committing to continually monitor the situation.
Keeping your business cyber secure is a constant process. Make sure your IT department, web developers and any company hosting data outside your business work together to keep ahead of potential threats, keep software and anti-virus programs up to date and maintain a clear level of communication with employees so that no one person or group can put the company at risk.
5. Get covered.
Cyber security insurance protects not only your business, but everything that your company touches with its digital footprint, from employee social security numbers to customers’ credit card numbers.
According to an article in Forbes magazine, “As you and your company evaluate your risk and exposure to cyberattacks and data theft, remember that there is no avoiding the impact that this new threat has on all businesses of any size. Do not fret, however: There are great resources at your disposal and an army of experienced professionals waiting to lend a hand along the way.”
Kacey Wheeler is a cyber specialist for Marsh McLennan Agency. She has experience in software development, cyber defense, and cyber awareness training initiatives. She helps organizations better understand and manage their cyber risks across industries. She is committed to continuous learning in a space that is always evolving.
