Cyber crimes are the fastest growing segment of crime and small businesses are often an easy target for hackers both here and across the globe. But, there are ways to protect yourself, your data, and your business from these online attacks. This morning we sat down with Brian Drury of Geny Insurance and Sean Wright of 3n1media to discuss the best ways to avoid and recover from a data breach.
From malware to scamming & phishing, improper data disposal, and inadequate data policies there are many ways your business could potentially be at risk. It’s not just your data that you need to be mindful of, but also that of your customers and your business – both in terms of paper and electronic files. Cyber threats to any of these data can result in lost revenue, compliance and recovery costs, and ongoing reputational issues.
The average cost of a cyber attack is $155 per record stolen. Don’t be caught off guard!
Here’s a place to start: Assess your level of risk by asking yourself the following questions;
- Where is your data stored?
- Is your network secure?
- How is your customer data accessed?
- How is data transmitted?
- What would happen if disaster struck your business?
- Does your workforce know and understand your security policies?
Walking through these questions can help identify what you’re doing well and where you need to improve. The good news is, there are many IT providers that can protect your business from these threats, and some insurance agencies even offer policies to protect you in case something does happen.
If there is a security issue, all is not lost.
First, don’t panic. If you’re working with a team of service providers you’re in a better place. These companies know where to look and know your state’s policies for recovery – trust their experience and follow their advice. Second, don’t call it a “breach” before you’re sure what happened. This word triggers other events and could have legal consequences for your business – try “security incident” until everything is identified.
Go through these steps to determine the seriousness of the cyber security incident!
- Discover when and where it happened.
- Evaluate the event – this may require legal and forensic IT assistance.
- Manage the short-term crisis – your insurance provider will know what mandates exist in your state.
- Manage the long-term crisis – plan for the legal, financial, and reputational fallout from the incident.
All in all – planning ahead, creating secure operating systems, and insuring yourself against security incidents are the best bets to keep your small business, your customers, and your employees safe.