The average cost of a data breach to a business is estimated to be around $500,000.
The two most common types of attack are ransomware, where your data is locked away until you pay a ransom fee, and phishing, where criminals pretend to be someone else to get you to click on a malicious link.
That huge average breach figure includes:
Any ransom demanded by criminals who lock your data and remove your access to it;
The cost of recovering your data and undoing the extensive damage done; and,
Putting in place additional ongoing security measures after the breach.
On top of the financial impact, there’s the reputational one.
Could you imagine picking up the phone to every single client to tell them your data about them had been accessed and stolen? Cybercriminals are targeting all businesses all the time, using clever automated tools that sniff out vulnerabilities. So, it’s only a matter of time until your business’s defenses are tested.
Here is our recommended five-step plan to prepare for an attack and protect your business.
1) Training, Training, Training
Believe it or not, your devices and software aren’t the weakest links in your defense. Your people are.
Your team’s awareness of the risks, and their mindset toward spotting risks and acting on them, can make a dramatic difference in your chances of being affected. Fortunately, with the proper training, your team can be taught the telltale signs of a scam email by looking at:
The email address from which it was sent;
The language used;
The font and design of the email; and,
The link, and how to check whether it is safe before clicking on it.
All staff should have regular cybersecurity awareness training – including you. Things change so frequently that it is in your best interest to keep everyone’s knowledge topped up.
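The telltale signs listed above can be turned into a simple checklist a computer can run before a person ever clicks. The script below is an added example, not part of the original column or any product it mentions; it assumes a hypothetical set of trusted domains (TRUSTED_DOMAINS) and a constructed pair of sample emails, and it checks three of the four signs: the sending address (including a display name that names a trusted brand while the address lives elsewhere, and a Reply-To pointing somewhere different), pressure language in the subject and body, and links whose real destination differs from what they show, is a bare IP address, or is not HTTPS. Font and design cannot be judged by a script, so that sign stays with the human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this business legitimately receives mail from (hypothetical placeholder).
TRUSTED_DOMAINS = {"example-bank.com"}

# Phrases that pressure the reader into acting before thinking.
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "suspended", "verify your account")


class _BodyParser(HTMLParser):
    """Collect the visible text and every (href, link text) pair from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.links = []
        self._href = None
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._link_text = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._link_text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname: crude, but enough to compare 'www.x.com' with 'x.com'."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def phishing_indicators(raw_message):
    """Return [(code, detail), ...] for each warning sign found in a raw email message."""
    msg = message_from_string(raw_message)
    found = []

    # Sign 1: the address it was sent from, and a display name that borrows a trusted brand.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    if sender_domain not in TRUSTED_DOMAINS:
        found.append(("untrusted-sender-domain", sender_domain))
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0].replace("-", " ")
        if brand in display_name.lower() and sender_domain != trusted:
            found.append(("brand-spoof-display-name", f"'{display_name}' sent from @{sender_domain}"))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        found.append(("reply-to-mismatch", reply_to))

    # Sign 2: the language used. A single-part text/html body is assumed for this example.
    parser = _BodyParser()
    parser.feed(msg.get_payload() if not msg.is_multipart() else "")
    visible = (msg.get("Subject", "") + " " + "".join(parser.text)).lower()
    urgent = [phrase for phrase in URGENCY_PHRASES if phrase in visible]
    if urgent:
        found.append(("urgent-language", ", ".join(urgent)))

    # Sign 3: the links, judged by where they really go rather than what they show.
    for href, text in parser.links:
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme != "https":
            found.append(("link-not-https", href))
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
            found.append(("link-ip-host", href))
        shown = re.search(r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})", text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            found.append(("link-text-mismatch", f"shows {shown.group(1)} but goes to {host}"))
    return found


# Constructed sample messages (not real mail) to exercise the checks.
SAMPLE_PHISH = """From: "Example Bank Security" <alerts@example-bank-login.net>
Reply-To: support@mail-verify.example
To: owner@smallbiz.example
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html

<html><body>
<p>Your account has been suspended. Please verify your account immediately.</p>
<p><a href="http://203.0.113.10/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

SAMPLE_CLEAN = """From: "Example Bank" <alerts@example-bank.com>
To: owner@smallbiz.example
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body><p>Your statement is available in online banking.</p>
<p><a href="https://www.example-bank.com/statements">View statement</a></p></body></html>
"""

if __name__ == "__main__":
    for code, detail in phishing_indicators(SAMPLE_PHISH):
        print(f"{code}: {detail}")
```

Run against SAMPLE_PHISH it reports seven separate signs, while SAMPLE_CLEAN produces none; the point for training is that any one of these signs is reason enough to stop and check rather than click.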
2) Use Tools Available to You
There are a lot of tools out there to help keep your business safe and protected from cyber-criminals. Make use of them.
Some of the most used tools are:
Password managers: These generate long, random passwords for new applications and remember them, so you don’t have to.
Multi-factor authentication: This is where you enter a code from another device to prove it’s you logging in.
Encryption: This makes your device’s content look like thousands of random characters to anyone without the encryption key. So, it’s only a minor inconvenience if you lose a device, not a major catastrophe.
These are just the basics. There are always extra layers of security available. Yes, this is complicated and there are too many options from which to choose. The trick is putting together the right blend of security tools for your specific circumstances so that you’re protected, but your security is not stopping your team members from getting on with their work every day.
3) Back Up All Data All the Time
We can’t stress this enough: if you don’t already have an automated backup of your data every day, and it’s kept somewhere other than your business’s premises, arrange this today. Backups are your fallback option.
It. Is. Critical.
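A backup only counts if it can be restored, so an automated job should prove that every time it runs. The script below is an added example, not code from the column or from any vendor it mentions; it uses only the Python standard library and a constructed sample data folder. It archives a folder, records a SHA-256 checksum beside the archive, restores the archive into a scratch directory and compares every file back against the original, and keeps only the newest few archives. Scheduling it daily and copying the archives off-premises (the "somewhere other than your business’s premises" above) are assumed to be handled outside this snippet.

```python
import hashlib
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source_dir, dest_dir):
    """Archive source_dir into a timestamped .tar.gz in dest_dir and write a .sha256 sidecar."""
    source_dir, dest_dir = Path(source_dir), Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S%fZ")
    archive = dest_dir / f"backup-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    Path(str(archive) + ".sha256").write_text(f"{sha256_file(archive)}  {archive.name}\n")
    return archive


def verify_backup(archive, original_dir):
    """Prove the archive is restorable: check its checksum, restore it, compare every file."""
    archive, original_dir = Path(archive), Path(original_dir)
    recorded = Path(str(archive) + ".sha256").read_text().split()[0]
    if sha256_file(archive) != recorded:
        return False, "archive checksum does not match sidecar (corrupted or tampered)"
    expected = {p.relative_to(original_dir): sha256_file(p)
                for p in original_dir.rglob("*") if p.is_file()}
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # The "data" filter refuses members that would escape restore_dir (Python 3.12+,
                # also backported to maintenance releases of 3.8 through 3.11).
                tar.extractall(restore_dir, filter="data")
            except TypeError:
                tar.extractall(restore_dir)  # older interpreter without the filter argument
        for rel, digest in expected.items():
            restored = Path(restore_dir) / rel
            if not restored.is_file():
                return False, f"missing after restore: {rel}"
            if sha256_file(restored) != digest:
                return False, f"content differs after restore: {rel}"
    return True, f"{len(expected)} files restored and verified"


def prune_old_backups(dest_dir, keep=7):
    """Delete all but the newest `keep` archives (and their sidecars); returns the names removed."""
    archives = sorted(Path(dest_dir).glob("backup-*.tar.gz"))
    removed = []
    for old in (archives[:-keep] if keep > 0 else archives):
        for path in (old, Path(str(old) + ".sha256")):
            if path.exists():
                path.unlink()
        removed.append(old.name)
    return removed


def demo_roundtrip():
    """Constructed sample data: back it up, verify it, then show that tampering is detected."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "company-data"
        (src / "invoices").mkdir(parents=True)
        (src / "invoices" / "2024-01.txt").write_text("invoice 1\n")
        (src / "clients.csv").write_text("name,email\nAcme,ops@acme.example\n")
        archive = create_backup(src, Path(work) / "backups")
        clean_ok, clean_detail = verify_backup(archive, src)
        with open(archive, "ab") as handle:  # simulate corruption in transit or on disk
            handle.write(b"x")
        tampered_ok, _ = verify_backup(archive, src)
        kept = prune_old_backups(Path(work) / "backups", keep=1)
        return clean_ok, clean_detail, tampered_ok, kept


if __name__ == "__main__":
    print(demo_roundtrip())
```

A failed verification should page someone, not just log a line; a backup job that has quietly been producing unrestorable archives for months is the situation the "off-site, automated, every day" advice exists to prevent.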
4) PPP
Create a policy, protocol and procedure in the event of a data breach. Sounds obvious, but this needs to be done before your business has a problem. Your policy will establish how your business will deal with any form of data breach or cyberattack.
Make your policy as detailed as possible, as it’s a guide for your company to reach the most desired outcome (in this case, the minimal impact from an attack).
Include the things your people must do as a minimum to help keep the business safe, such as using a password manager and multi-factor authentication.
Every staff member in your business should have a copy of this policy, ideally in your company handbook.
Your protocol is a written plan that contains the procedures your people must follow in a cyberattack event.
The procedures you should include are:
Who to alert in the case of a suspected breach;
The steps a person should take to try to block the attack; and,
How everyone else within the business should react.
Make everything in your PPP as accurate and detailed as it can be so that people are left in no doubt about exactly what they should do.
5) Bring in the Experts
If you’re not an IT expert, a lot of this can seem very time-consuming and complicated. If you feel it’s not something that you can do justice, it’s a brilliant idea to bring in the experts.
If you don’t already have a plan in place to keep your business protected from a cyberattack, I hope you can see how vital it is. QCBN
By Theo Soumilas
For additional information or to schedule an appointment to assist your business, call 928-719-7724 or visit northernazit.com.
Theo Soumilas is the owner of Northern Arizona IT servicing the Quad Cities, Phoenix and Northern Arizona.