“Dear Client.” That’s how the letter or message can begin.
The next few sentences are a little trickier; there is really no good way for someone to learn that his or her data has been stolen.
Unfortunately, getting a letter or electronic message is becoming an all too common occurrence. Globally, organizations can lose more than $100 billion a year to cyber attacks and fraud.
While a security breach might be one of the last things on your mind, the 2016 Travelers Risk Index report shows that it’s a top concern for customers and contractors. “Personal Privacy Loss and Identity Theft” went from barely ranking on its survey a few years ago to being No. 2, right behind “Financial Security.”
The expectation of cybersecurity has to be met with the same fervor and drive that you strive to meet all your other customer and resident expectations.
1. Engage and educate your employees. It’s important that you create a culture of security within your organization because security is everyone’s responsibility. If you don’t have buy-in from all your team members, you’re exposing your organization to unnecessary risk.
The majority of attackers gain access to networks by way of social engineering and the manipulation of a user within an organization, not by command-line hacking from a dark, Cheetos-filled basement somewhere as the movies often portray. Why would someone spend days trying to crack your accountant’s password when they can simply call your IT desk pretending to be your accountant and ask staff to reset it to something new?
2. Anti-virus. Having an up to date anti-virus deployed on all of desktops and servers is vital. An unprotected computer is an easy target for a motivated attacker. Don’t make it easy on them. Pay for anti-virus software and services and make sure it’s regularly updated by IT staff.
3. Password management. It’s important that you and your employees leverage strong, complicated passwords that aren’t easy to guess. There are now hacking applications you can plug into a computer that will run through the most common 10,000 passwords used in about four minutes, trying each of them. You’d be surprised how many folks with access to critical data have the password of “password,” or if they are feeling clever, “password1.” (Did this just guess your password? Go change it!)
4. Secure your networks. Without getting too technical, just know that having a firewall between your corporate network and the Internet is extremely important. If you don’t, there is very little stopping someone from freely accessing your data.
5. Secure your cloud. No matter what cloud provider or service you use, make sure you do your due diligence on its security practices. If the provider can’t easily and quickly tell you how your data is secured, odds are it isn’t.
Also, for any accounts used to access your organization’s data, make sure you have strong passwords and only access it by a computer you own or trust. If you access your cloud on an infected machine, a hacker could potentially learn your password and use it later on without your knowledge.
6. Protect your banking information. Make sure that all financial data, accounts, and records are kept secure and segregated from the rest of your organization’s general shared drives. If financial transactions are conducted electronically, ensure they are done over an encrypted connection and that your employees never e-mail account numbers, credit card information, or sensitive financial documents.
7. Backups. One of the most common types of breaches now being seen is called ransomware attacks. Instead of stealing data from your organization, these attackers find your critical data and then encrypt it (digitally locking you out of it), making it so only the person with the digital “key” can unlock and access that data.
The hackers then offer the victim access to this key for a large fee. If you’re hit with one of these attacks, you have two options: Pay the fee or restore the locked data from a recent backup. This is why backups are so important. Recently a large hospital, a police department, and a public school, along with literally thousands of other victims, have been forced to pay tens of thousands of dollars to get their data back.
Making sure your data is backed and stored separately from your main repository can help protect you from these attacks.
8. Physical security. This one is self-explanatory but you’d be surprised how much client data is left lying around the office. Ensure your trusted employees and finance team lock away any sensitive documents when they aren’t working with them.
9. Mobile devices. While they are a convenience and increase productivity of the staff, mobile devices mean that your clients’ sensitive data can potentially walk out your organization’s door without you ever knowing it. Make sure that all mobile devices used to access organizational data have passwords—your e-mail server can force this requirement.
If you have employees that use laptops, you should look at having the hard drives for those machines encrypted. Most modern operating systems have encryption built in, you just have to enable the feature, and it’s foolish not to leverage it. If an employee accidently leaves a laptop on a plane or in the back of a taxi, you’ll be guaranteed that all data on it is secure and protected.
Your organization, your brand, and your bottom line depend on the trust you develop with other individuals. Handling the items listed above will go a long way in protecting all three.