As children, we learn to keep our valuables under close watch when we are in public. In the cyberworld, it’s harder to keep our most valuable assets protected. Unlike a wallet, our identity, data, and customers’ personally identifiable information (PII) are not tangible items that we can keep in our sight, knowing that as long as it’s in our hands, it’s not in someone else’s. Cybersecurity then, requires a different approach.
It seems every week, a major company, city, or hospital experiences an alarming security breach. The breaches may compromise privacy (hacked laptop/phone cameras, for example), data, or PII. Credit monitoring companies, phones, hospitals, and even entire cities have been compromised or even taken hostage. Last week, it was Zoom, which left cameras vulnerable to being activated without permission (more about that problem as well as the fix here). This NPR piece offers a terrifying read on the fifth domain (after land, air, water, and space) of the cyberworld.
Businesses and consumers increasingly rely on apps and software to get their everyday work done. For companies, this comes with a responsibility to protect customers, employees and sometimes patient information. So what’s a company to do?
Okay, so it’s a real problem. Now what?
We’re not here to scare you without offering solutions. While we’re talking about what businesses can do, we would be remiss not to address one important aspect of how you can protect yourself on a personal level. You can freeze your credit as well as that of your minor-aged kids. Here’s an article from the USA Today with more about how and why to take this step.
Customers trust companies with priceless personal information and sensitive company data daily and since that’s our main focus, here are some business-oriented tips.
Password management: There are tools that offer super-secure ways to make sure your company passwords are accessible only to whom you want them to be. If you’ve ever tried to access a company account after the person who managed it is no longer with the company, you see the value here. Aside from the convenience, it’s a way to keep information super secure.
Policies and procedures: Make sure you have policies and procedures in place to prevent attacks. Train employees on good security etiquette. For most organizations, human error is by far the most likely source of mistakes that lead to breaches.
Insurance coverage: Should you experience a breach, having solid insurance coverage in place can make it a lot less painful by covering the financial loss. This article provides a lawyer’s guide to cybersecurity insurance coverage.
Penetration tests: Have third parties perform monthly security checks and an annual penetration test.
Customer encryption: Encrypt all information at multiple levels. Encryption scrambles data so that it’s unreadable without the encryption key. This article on business cybersecurity says:
“There are three ways to encrypt data: at rest, in motion and in use. Small businesses should be encrypting customer data at all three points, especially if those companies have e-commerce capabilities. Some of this is simple, like making sure your website is set up to allow only HTTPS transactions, a protocol that activates encryption. Other forms of encryption require expertise or support from a company that provides point-to-point encryption and tokenization technology, like Elavon.”
Any investment in your security is a wise investment indeed.