Companies today collect an enormous range and quantity of personal information from and about their customers. This is a natural consequence of the staggering growth in e-commerce and information-based business services. Even small-town storefronts now collect more customer data, through email lists, customer rewards programs and credit card processing systems.
The potential dangers and consequences of a breach have never been higher.
It’s imperative for Minnesota businesses to ensure data privacy. The message is clear: businesses have an obligation to safeguard the data and privacy of their customers and their employees.
Here is how to ensure that protection.
Employees Are the Target
For years, the overarching focus of data security centered on establishing a robust defensive perimeter that began with antivirus and firewalls. The push to develop increasingly sophisticated technological countermeasures was necessary but not sufficient. And it often came at the expense of overlooking an equally important source of vulnerability.
While technological solutions can establish an imposing barrier against cyber incursion, so long as data moves through the organization, the employees who create and transfer that data are the best way for hackers to get in.
There are 3 ways that employees represent a security vulnerability to your business:
- Lack of awareness about the threats that exist and the precautions to take
- Negligence, which often stems from the lack of awareness or from simply not being diligent
- Malicious activity, such as intentionally selling your data to a competitor or other third party
4 Pillars of Protection for Your Business
Employees do present one of the biggest risks to your organization, but the answer is not to prevent your employees from accessing data or doing their job.
We will always recommend a comprehensive network security plan to protect your business from the potential threats that increasingly target small businesses. However, any organization is made safer by starting to establish these 4 areas:
1. Cybersecurity awareness training
Establishing a mandatory training curriculum that includes comprehensive cybersecurity training at orientation, followed by annual or semiannual refresher training, is essential. Mandatory training doesn’t have to be boring, and it is one of the most effective ways to reduce threats by ensuring employees know what to look for and how to react when something malicious shows up.
2. No more password123 for everything
80% of hacking-related breaches leverage stolen, weak and guessable passwords. The National Initiative for Cybersecurity Careers and Studies (NICCS) provides a variety of password recommendations to incorporate at your organization. We recommend using a passphrase rather than a word. Creatively alter spellings by substituting numbers and symbols for letters. It’s also imperative to use a different password for each application. You can use a password manager to keep them secure and remember them.
3. Use multifactor authentication
It turns out that even the most complex, nonsensical passphrase is not enough. In multifactor authentication (MFA), the PIN or password is the first step. This is followed by a second authentication or verification step, which usually involves an email, phone call or text message to a number or device linked to the account. In the case of more robust authentication measures, the verification can involve facial, voice or fingerprint recognition. MFA is a cost-effective way to prevent account breaches. We highly recommend it, especially for organizations that have compliance requirements, such as financial institutions, medical practices and insurance companies.
4. Control access to sensitive data
Up to this point, we’ve focused largely on closing the gaps created by unaware employees. Considering the value placed on data, it’s also the case that companies can be breached intentionally by their own staff, who may access data and take it off the premises for their own gain. Organizations that have compliance requirements must have data access controls in place that prevent access by anyone who does not need to have it. Any company can and should do likewise as a matter of security best practice.
Assess, Plan and Implement
Your security doesn’t end with Cybersecurity Awareness Month in October. If you’ve never given it much thought, adopting strong passwords, establishing multifactor authentication, adding more data access controls and hosting a cybersecurity training session are easy and incredibly important steps that you can take immediately.
Deerwood’s exclusive GUARDIAN Managed Security as a Service provides the comprehensive suite of tools, trainings and support to build your walls, guard them with sentries and control who and what enters and exits through the gates.
Are your customers placing their personal information in good hands? Contact us for a comprehensive security assessment in October to take advantage of our 15% off pricing. Call us at (218) 534-5357 or reach out by email.