The interconnectedness of today’s digital world makes it increasingly important to be vigilant on the cybersecurity front. Digital information cannot be locked up in a safe and unlike a physical object, you may never even know it’s been obtained by a malicious agent. We learn early to keep our valuables under close watch but digitally, you’re protecting invisible, highly-valuable assets. Unlike a wallet, our identity, data, and customers’ personally identifiable information (PII) are not tangible items that we can keep in our sight, knowing that as long as it’s in our hands, it’s not in someone else’s. Cybersecurity requires a different approach.
It seems every week, a major company, hospital, or education system experiences an alarming security breach. The breaches may compromise privacy (hacked laptop/phone cameras, for example), data, or PII. Credit monitoring companies, phones, and even entire cities have been compromised and even taken hostage. This NPR piece offers a sobering read on the fifth domain (after land, air, water, and space) of the cyberworld.
Businesses and consumers increasingly rely on apps and software to get everyday work done. For companies, this comes with a responsibility to protect clients’ information. So what’s a company to do?
It’s a real problem. So now what?
We’re not going to offer a sobering perspective without offering solutions. While we’re talking about what businesses can do, we would be remiss not to address one important aspect of how you can protect yourself on a personal level. You can freeze your credit as well as that of your minor-aged kids. Here’s an article from the USA Today with more about how and why to take this step.
Customers trust companies with priceless personal information and sensitive company data and companies have a great responsibility to handle that data with care.
How Companies Can Protect Sensitive Customer Information
- Password management: There are tools that offer super-secure ways to make sure your company passwords are accessible only to whom you want them to be. If you’ve ever tried to access a company account after the person who managed it is no longer with the company, you see the value here. Aside from the convenience, it’s a way to keep information super secure.
- Policies and procedures: Make sure you have policies and procedures in place to prevent attacks. Train employees on good security etiquette. For most organizations, human error is by far the most likely source of mistakes that lead to breaches.
- Insurance coverage: Should you experience a breach, having solid insurance coverage in place can make it a lot less painful by covering the financial loss. This article provides a lawyer’s guide to cybersecurity insurance coverage.
- Penetration tests: Have third parties perform monthly security checks and an annual penetration test.
- Customer encryption: Encrypt all information at multiple levels. Encryption scrambles data so that it’s unreadable without the encryption key. This article on business cybersecurity talks about three ways companies should encrypt data: “at rest, in motion and in use.”
The Bottom Line
Any investment in your security is a wise investment indeed.