
Cyber Security For Business Owners


Cyber attacks seem to be occurring with ever-greater frequency. Individual cyber thieves, hostile nations and even unscrupulous competitors are testing the limits of information security. Even large corporations and the U.S. government do not always take the precautions they need to protect sensitive data.

As a small to medium size business (SMB) owner, you might be thinking you’re not a big enough player to face a cyber attack, or to have your information stolen. This is no longer true. It’s not just massive companies like Sony, LinkedIn or Citibank that are the targets of these types of attacks; today 1 in 40 small businesses are at risk of being a victim of a cyber crime. And last year, phishing campaigns targeted small to medium size businesses 43 percent of the time.

There are many important reasons why business owners should implement key procedures to ward off potential security breaches. Apart from your reputation being ruined if your customer data is stolen, there are also significant monetary costs. According to a survey by Kaspersky Lab, small businesses pay, on average, $38,000 per data breach. Fortunately, there are steps you can take as a small business owner to mitigate the risk of a cyber security attack or another form of information theft.

  1. Audit security procedures

Review your current information security procedures and identify where they are lacking. This goes beyond weak passwords; the majority of information breaches are far more mundane and occur in person. For example, if an employee leaves personal data from a customer on their desk, and the cleaning service comes in after hours, that data is potentially compromised.

  1. Consider who has access to sensitive data
  • Who has keys to your office?
  • Are your offices securely locked when you are closed? Identify all key holders including employees, landlords, janitorial staff and others.
  • When an employee leaves your business, do they continue to have access to your office?
  • Do employees leave sensitive data in plain sight?
  1. Computer system
  • Are your servers encrypted and locked?
  • Is your business using an encryption program on all computers?
  • Do you have up-to-date malware protection and anti-virus software?
  • Are your employees allowed to access data remotely?
  • Is an encryption system (such as a VPN) required?
  • Does your company have a secure password protocol or require randomly created passwords?
  • Do you keep personal data or trade secrets in the cloud?

This is not an exhaustive list, but it gives you a sense of what to look for when seeking out cyber security vulnerabilities. If you find any, you will want to correct those weak spots. Keep them in mind when you start to craft your official cyber security policy.

Once you have identified potential security vulnerabilities, you should create a written information security policy (WISP). This is your business’ official written policy on handling information, and it is distributed among your employees. The purpose of your WISP is to create effective administrative, technical and physical safeguards for the protection of personal information and other proprietary data.

Precautions you may want to include in your WISP are:

  • Expressly state that terminated employees must return all records containing personal information in any form.
  • Address your employees’ user names and passwords, which must be changed periodically.
  • Encourage employees to report any suspicious or unauthorized use of customer information.
  • Ensure employees do not keep open files that contain personal or proprietary information at their desks when they are not there.
  • All files that contain personal information must be secured in the manner consistent with the WISP rules.
  • Restrict access to electronically stored personal information to those employees who have a unique login ID requiring new logins.
  • Ensure files and records that contain personal information are disposed of properly.
  • Ensure you maintain reasonably up-to-date firewall protection.
  • Operating system security patches installed on all systems that process personal information.
  • Up-to-date versions of system security agent software, which includes malware protection and up-to-date patches and virus protection.
  • Encryption on all laptops and portable devices that contain personal information.
  • Monitoring of all computer systems for unauthorized use of or access to personal information.
  • Be sure to require secure user authentication protocols, such as protocols for control of user IDs and other identifiers.
  • Reasonably secure system of selecting passwords.

When it comes to cyber security, it is always wise to prepare for the worst-case scenario. With that in mind, businesses should consider cyber security insurance. Lanier Upshaw offers these types of plans to help companies deal with this emerging risk. Depending on what type of coverage you receive, cyber security insurance will cover costs like notification, identity protection solutions, public relations, legal fees, liability and more. Lanier Upshaw can help mitigate the risk of cyber security for your business; contact us here.