More than 159,000 data breaches occurred in 2017 alone, according to a cyber incidents and breach trends report by the Online Trust Alliance. That’s almost double the number of incidents from 2016, and if it continues, it will be much higher by the end of 2018.
Most of these reported incidents involved stolen credit card information, Social Security numbers, and passwords. Every business — especially those with in-house accounting departments — stores some, or all, of this information for its customers. But even if your business doesn’t house this information, security breaches are still a clear and present danger.
Panera learned this the hard way when the company’s customer loyalty accounts were hacked. The breach affected millions of customers, but few of them considered their rewards points to be vital information. More important were the passwords they used to sign in, which many of them also use for some or most of their other online accounts.
In addition to data theft, the Online Trust Alliance’s report notes that ransomware attacks doubled in 2017 and happened at a rate of nearly 4,000 attacks per day. Teams of hackers gather in physical locations to write viruses that lock up any infected system. There’s a very practical risk of a cybersecurity breach locking up a company’s entire system. But even if the ransom is paid, the downtime until then could devastate or destroy a company.
DIY Cybersecurity for Your Business
Protecting your company’s data and infrastructure is always vital, but if you don’t deal in sensitive information, you might not need to invest a small fortune in cybersecurity.
These steps can add several additional layers of protection to the systems you already have in place:
- Train employees to keep passwords safe.
No matter the size and nature of your company, your employees are the most important frontline security checkpoint. Train them on basic security measures such as using different passwords for different accounts and changing them every two to three months. Ask them to develop the habit of using complex passwords that are completely unrelated to the others.
Keeping up with a combination of complex sign-in credentials can be taxing, but you can ease that burden by using a password storage tool. Most of them are free, but if you need a more secure option, you can purchase a companywide subscription for less than $20 a year. It’s an insignificant expense with a substantial security payoff.
- Teach employees how to fish.
The most secure passwords can’t protect your system if an employee opens a phishing email or clicks on a malicious link. A good spam filter for your Office 365 or Gmail suite can help stop most phishing emails from coming through. Be sure to also teach employees how to spot phishing emails as part of their training so they don't open the ones that do make it through that filter
These days, phishing scams are more sophisticated than ever, but they’re still simple to spot if you adhere to a few commonsense rules. For instance, you’ll never randomly win a free gift card or get your tax refund early through an email, so don’t click the link, open the attachment, or input any personal information.
- Insure against errors and omissions.
Technical errors and omissions insurance will help you recover some of your losses in case of a data breach or successful ransomware attack. Coverage isn’t usually expensive, and in case a virus does slip through the cracks, it will protect your company from devastation.
Qualifying for technical errors and omissions insurance requires at least some level of basic training, as well as a written cybersecurity policy for employees to follow. Spotting phishing emails, avoiding suspicious sites, and other methods of employee training should be recorded for future use — and to benefit from the insurance policy.
These steps can help you to strengthen your system’s security without investing in a complete overhaul. If you want to find out just how at-risk your system is and whether you may need to take further steps to secure it, then download our free Small Business Simple Security Guide or contact one of our experts for a consultation.