One of today’s most significant threats to companies across all industries are cyber-attacks. On average, data breaches cost a company $225 per compromised record, and to date, it is taking companies an average of 196 days to detect that an incident occurred and an average of 69 days to contain it.
In spite of these compelling statistics, many firms don’t take cyber-attacks seriously and are not prepared when their network, data or system has been compromised. But the reality is, in today’s environment something as simple as opening an email attachment or clicking a web link can trigger a major breach.
Addressing your internal risks will go a long way toward helping mitigate them. Major internal risks include operational vulnerabilities, which are often triggered by human error. Those vulnerabilities also include a company’s inability to detect issues (usually due to insufficient safeguards) and loose or informal operational practices.
In addition, insufficient security practices of your company’s external vendors/partners can increase your cyber-attack exposure as well.
It may seem obvious and simple but practicing good basics can’t be overstated. Here are 10 things for you to review:
- Lock your office doors when no one is there. Server rooms and equipment cabinets should also be locked.
- Don’t leave client information on desks or screens when not attended or being actively used.
- In terms of your network, make sure you have a good firewall that is kept up to date, is managed, and has some network level anti-virus and anti-intrusion detection on it. (The simple antivirus solution you started with years ago is not sufficient today.)
- Rotate your equipment purchasing so computers are current and patched with endpoint anti-virus on them. “Endpoint” refers to the ultimate user of each computer.
- Change passwords frequently. It’s not my favorite thing to do either, but it’s very helpful in warding off fraudsters. And longer is better.
- Create and review your backup policy at least twice a year.
- Maintain a device and data usage policy so there is a clear fence line about who can access what.
- Distribute, monitor and enforce your data policies. Just having them written won’t help you.
- Make sure there is a way to pull data off all devices.
- Follow a 3-2-1 Backup Strategy: keep at least 3 copies of your data, on 2 different mediums, with 1 offsite.
One final piece of advice: It’s vital for your team to understand the potential consequences of opening email attachments, not running the latest updates, and downloading infected software. Experts advise us to limit personal use on business devices and with all emails, err on the side of caution, not curiosity.
It’s a fact. Burgeoning cybercrime has created a challenging environment for all businesses, but proactive practices can go a long way to help prevent breaches and if it does happen, lessen its impact.