Building a business used to mean worrying about payroll, inventory, cash flow and dozens of other data points to keep things running. Now, add one more regular factor to keep tabs on: cyber security.
A recent study found 65% of companies are investing in specific cyber security initiatives, and with good reason: not only do the potential costs of a security breach continue to rise, but every business is becoming increasingly digital … and the lines between IT security and the rest of the business continue to blur.
The good news is that executives are starting to get that security is not just one department’s job. Another study on healthcare security found that strategies were generally run all the way up to the top, with those CEOs and other C-level executives buying in and offering the budgets needed to combat today’s threats.
But even if companies are starting to get the message, there's still a looming gap: many businesses still don't put the resources in place either to protect themselves from attacks or to plan their response when attacks happen, leaving them vulnerable.
A recent study found that the average cost of a breach is a staggering $3.8 million — and about 43 percent of companies have experienced a breach.
Despite the danger, 27 percent of businesses do not have a cyber attack response plan.
Fortunately, important steps can be taken that won’t break the bank and can have a major impact on reducing the danger attacks present.
1. Sometimes less is more. Many companies are focused on gathering as much data as they can to better understand their customers and business opportunities, but not all data is created equal; some can come with a major cost. Keeping sensitive, personally identifiable data just for the sake of having it can backfire if it's stolen, and in some jurisdictions, even improperly storing data can have major legal consequences.
Companies can look for vendors that offer to host and manage sensitive data for them, particularly if they don't have the resources for dedicated security testing and training. Many payment processors, for example, can manage the entire transaction without the data ever living on servers or hardware, all the while still providing you with valuable analytics on what's working with your customers.
At other times, minimizing how long you hold onto data can help mitigate the impact of a breach if it does occur. Don't hoard data just to have it; keep it only if it is being put to use and being protected.
2. Plan on being compromised. One increasingly popular security mindset is to assume you've already been successfully attacked, and then to think through how to ensure that even if someone does get in, the damage can be minimized. One scenario might be that a laptop is stolen, which could be addressed by turning on full-disk encryption. Another might involve passwords getting leaked, in which case turning on two-factor authentication can help mitigate the damage.
Computer security is never a perfect science, but planning to compartmentalize data and permissions means that you can significantly reduce the impact of many common types of attacks.
3. Security is a team sport. For years, IT has attempted to proselytize the importance of security through regular training sessions, Message of the Day notifications and other tactics. Now, however, security can’t be limited to just one department: it has to be integrated into the considerations of everything a business does, from its policies around devices, to how it markets to customers, to which vendors it chooses. Having a single person in charge of security often still makes sense, but the practice of securing your business becomes everyone’s responsibility.
Encourage frank discussions about risks and potential impact, and ensure that security training and regular alerts reach all parts of the company, from the board of directors to the summer intern. Each person has a critical role to play.
Underwritten by HP and Microsoft