Ever think about what the cost of cyber crime is per minute? RiskIQ has, and the costs in its info sheet are frightening. Dubbed “The Evil Internet Minute 2021,” the info sheet “aims to illuminate the top threats facing organizations today and put the year’s cybersecurity research into context by framing it on a micro-scale.”
Among some of the frightening costs, the amount lost to cyber security incidents is $1,797,945/minute. If you run an ecommerce business, the losses incurred due to online payment fraud are $38,052/minute. For healthcare, the average cost of a breach is $13.30/minute. In terms of data, 525,600 records are breached per minute.
Cyber Security is a serious issue that needs to be addressed. As a business owner, what can you do to protect your business? Below are 6 steps that can help you prevent a cyber breach of your business.
- Strategies and Policies
This is where any security planning needs to start. There need to be security policies in place that determine what needs to be protected and who is allowed access to that data and technology. You also need policies that relate to privacy and passwords. If you collect information on clients and staff, there need to be policies on who can access this information, how long that information should be stored, and how it should be destroyed. This is true for “paper” copies and electronic copies of data.
- Data Backups
There have been far too many stories about malware and ransomware taking hold in various types of companies around the world. In many cases, a hacker will demand a ransom payment in exchange for returning your data. Cybercriminals use a variety of means to encrypt your data so that it cannot be accessed by the users at your company. Because this data is so valuable, cybercriminals bet that you will pay the ransom in exchange for being able to access the data. To make yourself less vulnerable to ransomware, data backups are extremely important. Critical data (anything needed in day-to-day operations, including customer information) should be backed up nightly to a remote location. Important data (anything important to the business that doesn’t get updated frequently) should be backed up semi-regularly off-site.
- Desktop Security
This involves your staff computers, and possibly tablets and other mobile devices. There should be procedures in place for ensuring all devices have up-to-date anti-malware software, policies on what can and can’t be downloaded onto devices, and a password policy or, better yet, multifactor authentication, to minimize the risk of unauthorized access. In addition, regular patching with security updates should be implemented.
- Internet and Network Security
As with desktop security, firewalls, intrusion detection systems and VPNs should be kept up to date. Workers should take care to always use secured Wi-Fi and internet connections. Where possible, a VPN should be used to connect remotely to servers. When leveraging the cloud, always ensure you have secured your company’s connection to the cloud services. Wherever possible, access to the cloud should have some form of multifactor authentication.
- Audit For Regulatory Compliance
Most businesses will require some sort of annual or bi-annual audit of their systems. While compliance with standards can help improve security, it does not make your business secure. Use the audit results to fix any gaps in security policy. Audit on a regular basis to ensure ongoing compliance, as things can change quickly in a year. The BDC (Business Development Bank of Canada) recommends at least every 6 months, but quarterly is better.
- Breach Response Plan
The breach response plan is an important part of your cyber security strategy. You need to plan how to prevent a breach and, just in case, what to do in the event of one. Think of it like planning for a fire. While you’ve done everything you can to prevent a fire at the office, you still need to drill an escape plan should the worst happen. What would be your plan? Many small businesses turn to MSSPs (Managed Security Services Providers) to help them drill what would happen in the event of a breach, much in the same way businesses work with firefighters to help them determine a fire safety plan.
Following these 6 steps can help you avoid some of the costs mentioned in RiskIQ’s info sheet. Are you able to check all the items off the list? If there are any points where you think your business can use some help, contact Uzado today.