Cyber attacks seem to be occurring with ever-greater frequency. Individual cyber thieves, hostile nations and even unscrupulous competitors are testing the limits of information security. Even large corporations and the U.S. government do not always taking the precautions they need to protect sensitive data.
As a small to medium size business (SMB) owner, you might be thinking you’re not a big enough player to face a cyber attack, or to have your information stolen. This is no longer true. It’s not just massive companies like Sony, LinkedIn or Citibank that are the targets of these types of attacks; today 1 in 40 small businesses are at risk of being a victim of a cyber crime. And last year, phishing campaigns targeted small to medium size businesses 43 percent of the time.
There are many important reasons why business owners should implement key procedures to ward off potential security breaches. Apart from your reputation being ruined if your customer data is stolen, there are also significant monetary costs. According to a survey by Kaspersky Labs, small businesses pay, on average, $38,000 per data breach. Fortunately, there are steps you can take as a small business owner to mitigate against a cyber security attack or another form of information theft.
Review your current information security procedures and identify where they are lacking. This goes beyond weak passwords; the majority of information breaches are far more mundane and occur in person. For example, if an employee leaves personal data from a customer on their desk, and the cleaning service comes in after hours, that data is potentially compromised.
This is not an exhaustive list but it gives you a sense of what to look for when seeking out cyber security vulnerability. If you find any vulnerabilities, you will want to correct those weak spots. Keep these in mind when you start to craft your official cyber security policy. Once you have identified potential security vulnerabilities, you should create a written information security policy (WISP). This is your business’ official written policy on handling information that is distributed among your employees. The purpose of your WISP is to create effective administrative, technical and physical safeguards for the protection of personal information and other proprietary data.
Precautions you may want to include in your WISP are:
When it comes to cyber security, it is always wise to prepare for the worst case scenario. With that in mind, businesses should consider cyber security insurance. Lanier Upshaw offers these types of plans to help companies deal with this emerging risk. Depending on what type of coverage you receive, cyber security will cover costs like notification, identity protection solutions, public relations, legal fees, liability and more. Lanier Upshaw can help mitigate the risk of cyber security for your business, contact us here.