In today’s interconnected and tech-reliant marketplace, cyber breaches are a major concern for companies of all sizes across virtually all industries.
To effectively protect your business—as well as the personal and financial information of the customers who place their trust in it—you’ll need to take a holistic approach that reaches beyond the IT department.
Create a culture of responsibility for data security
At a foundational level, companies need to emphasize cyber security as a core value—during both new hire orientation and as a major component of ongoing employee training.
This means emphasizing the legal and regulatory ramifications for the company, and for employees, that can arise when data is misused—even inadvertently. Be sure they have a working familiarity with the ever-evolving tools that can help keep the company and its customers safe. Cultivate a collective mindset that prizes engagement and personal responsibility over simply assuming certain software or apps—wonderful and innovative as they may be—negate the need for vigilance and situational awareness.
Set Up Strong Password Protocols
Employees should have a unique password for each system they log on to—and none should be based around birthdays, children’s names, or any other easily hackable personal detail. Your company protocols should include periodic prompts for employees to change their passwords.
Further, though it may seem like common sense to some, employees should be discouraged from writing down their passwords and keeping them in their desks at work. In some cases, two-factor verification might be appropriate as well.
Educate Personnel on Internet Safety Basics
Caution employees against clicking on suspicious links in an email—particularly if the message is from an unknown sender—or visiting unfamiliar websites.
Such links and sites may contain viruses or malware that can infect their computer and be transmitted though your company’s systems, potentially leading to data theft by enabling hackers to surreptitiously access your systems.
Mitigate Personal Downloads
Though many programs will no doubt be perfectly safe, employees should generally be discouraged from adding personal and unauthorized software to their computer. In fact, all software and programs loaded onto company computers should be reviewed and approved by your data or IT department. No exceptions.
To allow otherwise is to potentially open your systems up to infections, malware and other vehicles that make it easier for hackers to steal data from your company.
Authorization and Access
Unauthorized users should not have access to company computers or systems.
As harmless as it may seem, an employee shouldn’t lend their laptop to a client who—despite his or her best intentions—may unwittingly visit an unsafe site that allows a virus or malware to be loaded onto the laptop that could ultimately make its way throughout the company’s systems.
Similarly, you may need to establish different levels of access within different parts of the company. This will not only make it easier to locate and close off the entry point should a breach occur, but also limits access to sensitive company data that could potentially be misused.
Establish Social Media Policies
Social media has revolutionized the way businesses interact with both customers and the world at-large, but it is not without its own cyber risks: Social media, for example, is hackable and susceptible to bogus postings.
Those who use and maintain company social media accounts should be aware of potential threats and well-versed in basic precautions.
If you choose to allow employees to check personal social media accounts on workplace computers, there should be clear guidelines and usage policies in place designed to protect you—and them.
Be Aware of the Data Privacy Regulations for Your Industry
Depending on the industry your company is in, there may be additional privacy or data security measures that need to be taken beyond basic cybersecurity.
A great example of this is in the healthcare industry. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established a set of national standards to protect the security of an individual’s health records—rules which extend to doctor’s offices, hospitals and other health care providers.
Noncompliance can be expensive with fines ranging from $100 to $50,000 per violation, depending on the level of negligence involved— with a cap of $1.5 million per year. These are potentially huge fines for a small doctor’s office or even a mid-sized healthcare facility, so it’s important to educate staff around industry-specific privacy requirements and best practices for compliance. In the case of HIPAA, jail time can be involved for the most serious level of violations.
Lead by Example
Protecting your business from today’s cyber criminals will take more than sending out a company-wide email or two. As with any corporate priority, making cyber security an integral part of the company’s culture will require senior management to prioritize and model that commitment to the rest of the organization.
Cyber security has to be an operational priority each and every day—from the top down. That includes adding layers of protection to your payments, treasury and reporting processes to ensure information is protected and validated.