We hope for a lot of things in life and business. We hope we stay healthy. We hope our team wins the big game. We hope to have a successful business. We hope to make money. We hope a hacker doesn’t try to attack us. We hope that if a hacker breaches our company that our insurance will cover the loss.
We hope…
We hope…
We hope…
Yet when it comes to our home, we don’t just rely on hoping no one breaks in. We lock our doors and windows, have cameras and/or a security system, get a dog. We take precautions.
But hope is not a good strategy when it comes to your business and your security. Hoping your business is not hacked is not a strategy you can count on or take to the bank. And it’s definitely not a strategy that your clients will understand and accept, or one the insurance company will be okay with when it comes time to pay out any claims.
We might think we are doing what we need to in order to protect our business, but we can’t just hope it’s enough. We need to be better. We need to do better.
So how do we do that? Now, you might be thinking, “but I have antivirus on my computer.” Well, that’s a great start. But the security of your computer, your data, your network shouldn’t end there.
When it comes to security, we need to take a 3-tiered approach.
The first tier is protection. The antivirus you have on your computer is one component of protection. Another element is to have internal security policies. These policies outline what measures are being taken as a company and the expectations of employees. Another component of protection is employee security training.
The second tier is detection. So how do you know if a hacker broke in? Having detection tools in place is vital. Some tools can monitor the system for suspicious activity (employees accessing files they usually do not, executable files attempting to run, etc.).
The third tier is response. If you do find that you’ve been hacked or breached, how do you respond? Who do you call first? What’s your plan? Can you recover data? One component of response is having a Disaster Recovery Plan and Business Continuity Plan in place. You may need to call in experts to determine what data was accessed, compromised, or stolen.
Hackers aren’t just hoping that you, as a business owner, do not have the critical components in place; they are counting on it. They realize that the odds are in their favor and exploit known vulnerabilities. You’ve worked hard to build your business. Don’t let one mistake or lapse in judgment ruin it.
So what can you do?
- Buy Cyber Liability Insurance
- Conduct in-depth cybersecurity training for EVERYONE in your business
- Establish policies and procedures that contain your risk
- Develop an in-depth disaster recovery AND business continuity plan
- TEST your DR/BCP regularly
- PATCH, PATCH, PATCH and PATCH Windows, Mac, AND all applications
- Encrypt EVERYTHING you can and NEVER send critical files unencrypted
- Implement auto-updated antivirus
- Control access to all data and only grant access to people who NEED it
- Hire an IT firm or individual who specializes in SECURITY to assist you