Cyber risk has shot up to become the second-largest concern for U.S. businesses in 2015 (up from 5th in 2014). Malicious attacks such as computer viruses, banking or financial system hacks, and data breaches can cripple a business's reputation and financial standing. If your company is not prepared, it may never recover from a serious cyber risk event.
As businesses adopt cloud-based and hosted solutions, implement BYOD mobile device policies, and store more and more data electronically, it becomes increasingly difficult to track and secure electronic intellectual property (“IP”) and personally identifiable information (“PII”).
The “2015 Travelers Business Risk Index” report shows that 58% of U.S. businesses consider cyber risk/data breaches something to worry about, with 29% feeling they are not equipped to deal with an event. It appears the “Year of the Breach (2014)” was eye-opening and prompted more and more businesses to begin or step up efforts to protect data and personal information.
Below are several ways companies can mitigate their cyber-related risk:
- Know where your data is stored and who has access to it – This can be a monumental task depending on the size of your company and how well data is currently managed. Seek help from a specialist if the task seems insurmountable.
- Have a Cyber Liability insurance policy in place to protect your company in the event of a cyber/data breach – These policies not only reimburse the company for business interruption and extra expense, they also cover crisis management expenses and regulatory defense and penalties.
- Develop a cyber/data breach response plan.
- Segregate servers and data storage locations and limit access on a strictly need-to-know basis.
- Encrypt personal and confidential information stored on servers and in databases.
- Encrypt portable devices including laptops, mobile devices, external hard drives, and backup devices.
- Keep hardware and software current with the latest security updates and keep anti-virus measures/definitions updated.
- Educate employees to identify phishing, email, and other scams used to steal information.
Once a company implements the measures noted above, a monitoring and testing regimen should be put in place to ensure policies and systems do not degrade over time. We recommend engaging specialists as appropriate to ensure these tactics are adopted and deployed strategically and correctly.
About the Author
Jon Edwards is the IT Manager for The ALS Group.