You may think data breaches happen only to big corporations like Equifax, Capital One and Facebook. But the reality is: Small- to medium-sized businesses are at the highest risk of experiencing a breach. And 60% of small companies will go out of business within six months of a cyberattack. So, how can you help protect your business from a data breach?
To ensure your information is protected, follow this 10-step guide to keep your business secure:
- Get IT help. If your company is too small to have its own IT staff, you can still hire a consultant to help you devise security measures and establish an action plan for responding to a security breach. Once you have a plan in place, make sure everyone in your company is aware of it.
- Train your team. More than half of data breaches are caused by employee negligence. So, it’s critical to train your employees on best practices for cybersecurity. You can either hire a professional to train your team or find an online course and require each employee to complete it. Looking to keep costs down? There are plenty of free training options online.
- Follow the 3-2-1 backup rule. You should have three copies of your data. Each copy should be saved to two types of media. And you should keep one backup copy of your data at an offsite location.
- Create a password policy. Establish your own internal password policies. At Frankenmuth Insurance, we recommend passwords consisting of at least 16 characters, including special characters, upper and lowercase letters, and numbers.
- Use two-factor authentication. Two-factor authentication requires an extra verification step after a password is entered. For instance, users may be asked to link a mobile device, after which they are texted a verification code. Alternately, employees use a USB security device like a YubiKey. These additional steps add an extra level of security.
- Encourage your employees to use separate email addresses. Using one address for both personal and professional communication may seem convenient, but it opens more possibilities for being hacked. Stress the importance of work emails being purely professional. A separate email address should be used for things like streaming sites and shopping.
- Update your software. Software updates solve bugs and glitches that were discovered in earlier versions. Keeping your software up to date will make it more difficult for hackers to breach your system. Your tech company or consultant can keep you apprised of software updates and assist with installing them.
- Train employees to spot phishing scams. “Phishers” send an email or text that tricks the recipient into revealing personal information, or gets them to open an attachment that installs a computer virus. Often, these emails will appear to come from a familiar brand or even a company employee. Common phishing messages claim there is a problem with one of your accounts, ask you to confirm personal information and send you to a link to make a payment. Teach your staff that unless they are 100% sure an attachment is legitimate, they should not open it. Also, if they want to verify the sender, they should use another method of communication (like a phone call), and never use any of the contact information included in the suspicious email. Phishing emails should be reported to the Federal Trade Commission.
- Monitor your accounts. Get into a routine of checking your accounts every few weeks. Set up alerts to notify you if there is any unusual activity in your accounts, and watch for any changes in your personal or business information.
- Invest in Cyber and Data Coverage. Even if you cover steps 1-9 perfectly, there’s one more thing you can do to help protect your business from a data breach. Our Cyber and Information Protection Plus package not only covers costs resulting from such a thing, it also provides a data-breach coach who can offer security tips, training information and much more.
While the prospect of a data breach is frightening, we understand no modern-day business can get by without the Internet. To reduce your company’s risk and ward off hackers, talk to an agent about our cyber insurance and cyber services.