More than 4 billion electronic records were stolen in 2016, the result of more than 4,000 data breaches, according to a new report from Risk Based Security. That brings the number of records stolen by hackers to an all-time high.
Today, every business — regardless of size, industry or location — is at risk for a data breach. But you can help minimize the risk to your business by taking these 10 specific, proactive steps to bolster your company’s cybersecurity.
1. Know the risks
Often, businesses don’t prioritize cybersecurity because they don’t fully understand the risk. But the fallout from even a single breach could potentially cost an organization millions of dollars. In early 2017, the U.S. Department of Health &Human Services imposed a $3.2 million penalty on one health care provider because of data breaches that exposed protected health information.
The responsibility to protect sensitive information isn’t limited to health care providers. A new survey from LexisNexis Risk Solutions discovered that 35 percent of Americans store personally identifiable information — including tax records, bank statements and health records — on popular email services such as Microsoft Outlook, Gmail and Yahoo Mail.
Consider the sensitive information your company must protect. As criminals use increasingly sophisticated technology to gain access to protected information, the risk of a data breach is increasing.
2. Have a backup — and test it
Businesses frequently operate with incomplete or out-of-date backups. When ransomware or other attacks strike, these businesses don’t realize the problem until it’s too late. A plain, boring backup is your ultimate protection; if everything else fails, you can still fall back on that. Not only must the backup be complete and up-to-date, but it also needs to be routinely tested to make sure that it’s ready in case you need it.
3. Use anti-spam
Data breaches often begin with an official-looking email that contains malware or a phishing attack — an attempt by hackers to obtain usernames, passwords and other sensitive information from unsuspecting employees. The best defense against these attacks is to use a layer of anti-spam that blocks a message before it ever reaches the recipient.
4. Maximize your firewall
Most networks already use a firewall, but you can maximize its effectiveness by making sure it’s up-to-date. A firewall’s intrusion prevention function conducts a deeper level of inspection on the network traffic that passes through and can watch for known viruses and other processes.
5. Don’t rely too heavily on your antivirus
Having antivirus software installed on each workstation is a must, and you also need up-to-date antivirus installed on your server. But don’t rely on it as your sole line of defense, because antivirus software isn’t 100 percent effective. That’s because an antivirus program operates using identifiable information about known viruses. Some viruses are so new, or so infrequent, that the software doesn’t recognize the threat. That’s why antivirus software should be only one component of your security plan.
6. Utilize encryption
Any information your company sends through the internet needs to be encrypted. This is especially true if your employees use any mobile devices outside the office. A single laptop or phone that doesn’t use encryption can lead directly to a data breach.
7. Enforce your password policy
Requiring users to change their passwords every 90 days or so can reduce the risk of cybersecurity breaches. It prevents users from having stagnant passwords or using the same password across multiple login accounts. Apps such as LastPass allow users to easily create and use randomly generated passwords without having to remember them all.
8. Offer frequent user training
Teaching users to be aware of suspicious emails can cut down on the risk of a breach. Ransomware and other attacks frequently originate from incoming emails that appear to be completely legitimate. They can be prevented in part by training users to identify questionable emails, avoid clicking on hyperlinks and call an IT professional for assistance.
9. Manage security rights
Do your employees have access to everything on the server? If so, a single infected workstation could put your entire company at risk. Instead, it’s important to separate security rights according to job function. In some cases, it may mean that important data becomes less accessible to users, but it will give you the advantage of increased confidentiality and security.
10. Use two-factor authentication
When it comes to critical data, a simple password isn’t enough protection. Consider adding a second factor of authentication, such as a token or mobile app that provides an ever-changing six digit code. That way, even if hackers gain access to a username and password, the authentication code makes it much more difficult to break in.
Preparation is the best defense against data breaches that can expose your business to lasting liability. Before a breach happens, create a comprehensive cybersecurity plan that puts multiple layers of protection in place, thwarts hackers and keeps your data secure.
Tom Andrulis is the president of Intelligent Technical Solutions, which helps businesses across Nevada and California manage their networks, cloud services, phone systems and internet connections.